Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
CVE-2023-6377

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor: CVE Published:; 13 December 2023

Badges

📰 News Worthy

Summary

A flaw in xorg-server allows for out-of-bounds memory reads and writes when querying or modifying XKB button actions, such as transitioning from a touchpad to a mouse. This vulnerability poses significant risks, including local privilege escalation and potentially remote code execution, particularly in scenarios where X11 forwarding is utilized. It is crucial for users and administrators to ensure that they are operating on updated versions of the xorg-server to mitigate associated security threats.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.8.0-28.el7_9

Red Hat Enterprise Linux 7 0:1.20.4-25.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.4

News Articles

Penetration Testing

CVE-2023-6546 CVE-2023-6377

CVE-2023-6546 Archives

VulnerabilityJanuary 16, 2024CVE-2023-6546 PoC Exploit: A Gateway to Linux System TakeoverA cybersecurity researcher, Nassim Asrir has released the details, and a proof-of-concept (PoC) exploit for a...

References

http://www.openwall.com/lists/oss-security/2023/12/13/1

https://access.redhat.com/errata/RHSA-2023:7886

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0006

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by Penetration Testing
Jan 20, 2024
Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 29, 2023

Credit

This issue was discovered by Peter Hutterer (Red Hat).