Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions

CVE-2023-6377

7.8HIGH

Key Information

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor
CVE Published:
13 December 2023

Badges

πŸ“° News Worthy

Summary

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Affected Version(s)

Red Hat Enterprise Linux 7 <= 0:1.8.0-28.el7_9

Red Hat Enterprise Linux 7 <= 0:1.20.4-25.el7_9

Red Hat Enterprise Linux 8 <= 0:1.13.1-2.el8_9.4

News Articles

favicon imagePenetration Testing

CVE-2023-6546 Archives

VulnerabilityJanuary 16, 2024CVE-2023-6546 PoC Exploit: A Gateway to Linux System TakeoverA cybersecurity researcher, Nassim Asrir has released the details, and a proof-of-concept (PoC) exploit for a...

11 months ago

References

http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/errata/RHSA-2023:7886
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0006
vendor-advisoryx_refsource_REDHAT

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

This issue was discovered by Peter Hutterer (Red Hat).
.