xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
CVE-2023-6377

7.8 HIGH

Summary

A flaw in xorg-server allows out-of-bounds memory reads and writes when XKB button actions are queried or modified, for example when a device transitions from a touchpad to a mouse. The flaw poses significant risk, including local privilege escalation and potentially remote code execution where X11 forwarding is used. Users and administrators should ensure they are running an updated version of xorg-server to mitigate the associated threats.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.8.0-28.el7_9

Red Hat Enterprise Linux 7 0:1.20.4-25.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.4

News Articles

CVE-2023-6546 Archives

Vulnerability, January 16, 2024: CVE-2023-6546 PoC Exploit: A Gateway to Linux System Takeover. A cybersecurity researcher, Nassim Asrir, has released the details and a proof-of-concept (PoC) exploit for a...

1 year ago

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS v3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Peter Hutterer (Red Hat).