CVE - CVE-2023-6377

CVE-ID
CVE-2023-6377	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBZ#2253291 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2253291 MISC:RHSA-2023:7886 URL:https://access.redhat.com/errata/RHSA-2023:7886 MISC:RHSA-2024:0006 URL:https://access.redhat.com/errata/RHSA-2024:0006 MISC:RHSA-2024:0009 URL:https://access.redhat.com/errata/RHSA-2024:0009 MISC:RHSA-2024:0010 URL:https://access.redhat.com/errata/RHSA-2024:0010 MISC:RHSA-2024:0014 URL:https://access.redhat.com/errata/RHSA-2024:0014 MISC:RHSA-2024:0015 URL:https://access.redhat.com/errata/RHSA-2024:0015 MISC:RHSA-2024:0016 URL:https://access.redhat.com/errata/RHSA-2024:0016 MISC:RHSA-2024:0017 URL:https://access.redhat.com/errata/RHSA-2024:0017 MISC:RHSA-2024:0018 URL:https://access.redhat.com/errata/RHSA-2024:0018 MISC:RHSA-2024:0020 URL:https://access.redhat.com/errata/RHSA-2024:0020 MISC:http://www.openwall.com/lists/oss-security/2023/12/13/1 URL:http://www.openwall.com/lists/oss-security/2023/12/13/1 MISC:https://access.redhat.com/security/cve/CVE-2023-6377 URL:https://access.redhat.com/security/cve/CVE-2023-6377 MISC:https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd URL:https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd MISC:https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html URL:https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html MISC:https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html URL:https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/ MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/ MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/ MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/ MISC:https://lists.x.org/archives/xorg-announce/2023-December/003435.html URL:https://lists.x.org/archives/xorg-announce/2023-December/003435.html MISC:https://security.gentoo.org/glsa/202401-30 URL:https://security.gentoo.org/glsa/202401-30 MISC:https://security.netapp.com/advisory/ntap-20240125-0003/ URL:https://security.netapp.com/advisory/ntap-20240125-0003/ MISC:https://www.debian.org/security/2023/dsa-5576 URL:https://www.debian.org/security/2023/dsa-5576
Assigning CNA
Red Hat, Inc.
Date Record Created
20231129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)