CVE-2023-6377

Name
CVE-2023-6377
Description
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2023-6377
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2253291
secalert@redhat.com https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
secalert@redhat.com https://lists.x.org/archives/xorg-announce/2023-December/003435.html
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
secalert@redhat.com https://www.debian.org/security/2023/dsa-5576
secalert@redhat.com http://www.openwall.com/lists/oss-security/2023/12/13/1
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7886
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0006
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0009
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0010
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0014
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0015
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0016
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0017
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0018
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0020
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240125-0003/
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:13998

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* enterprise_linux_eus == None == 9.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xorg-server edge-community 21.1.10-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.22-community 21.1.10-r0 None fixed
xorg-server 3.21-community 21.1.10-r0 None fixed
xorg-server 3.20-community 21.1.10-r0 None fixed
xorg-server 3.19-community 21.1.10-r0 Natanael Copa <ncopa@alpinelinux.org> fixed