PT-2023-8328 · Unknown+10 · Xorg-X11-Server+10

Jan-Niklas Sohn +1 · Published 2023-12-12 · Updated 2026-02-25 · CVE-2023-6377

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

xorg-x11-server (affected versions not specified)

Description

A flaw was found in xorg-server, related to the handling of XKB button actions, which can result in out-of-bounds memory reads and writes when querying or changing these actions, such as moving from a touchpad to a mouse. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE · LPE · Memory Corruption · Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:0010
ALSA-2024:0018
ALSA-2024:2169
ALSA-2024:2170
ALSA-2024:2995
ALSA-2024:2996
ALT-PU-2023-8033
ALT-PU-2023-8034
ALT-PU-2023-8035
ALT-PU-2024-3261
ALT-PU-2024-4743
ALT-PU-2024-4745
AZL-32179
AZL-44700
BDU:2024-00457
CESA-2024_0006
CESA-2024_0009
CESA-2024_0018
CESA-2024_2995
CESA-2024_2996
CVE-2023-6377
DLA-3686-1
DLA-3686-2
DSA-5576-1
DSA-5576-2
INFSA-2024_2169
INFSA-2024_2170
INFSA-2024_2995
INFSA-2024_2996
MGASA-2024-0009
OESA-2023-1951
OESA-2024-2041
OESA-2024-2042
OPENSUSE-SU-2023_4787-1
OPENSUSE-SU-2023_4788-1
OPENSUSE-SU-2023_4791-1
OPENSUSE-SU-2023_4925-1
OPENSUSE-SU-2023_4926-1
OPENSUSE-SU-2023_4934-1
OPENSUSE-SU-2023_4949-1
OPENSUSE-SU-2024:13512-1
OPENSUSE-SU-2024:13513-1
RHSA-2023:7886
RHSA-2024:0006
RHSA-2024:0009
RHSA-2024:0010
RHSA-2024:0014
RHSA-2024:0015
RHSA-2024:0016
RHSA-2024:0017
RHSA-2024:0018
RHSA-2024:0020
RHSA-2024:2169
RHSA-2024:2170
RHSA-2024:2995
RHSA-2024:2996
RHSA-2024_0006
RHSA-2024_0009
RHSA-2024_0010
RHSA-2024_0018
RHSA-2024_2169
RHSA-2024_2170
RHSA-2024_2995
RHSA-2024_2996
RHSA-2025:13998
ROSA-SA-2024-2324
ROSA-SA-2025-2566
ROSA-SA-2025-2575
ROSA-SA-2025-2576
SUSE-SU-2023:4787-1
SUSE-SU-2023:4788-1
SUSE-SU-2023:4789-1
SUSE-SU-2023:4790-1
SUSE-SU-2023:4791-1
SUSE-SU-2023:4792-1
SUSE-SU-2023:4925-1
SUSE-SU-2023:4926-1
SUSE-SU-2023:4933-1
SUSE-SU-2023:4934-1
SUSE-SU-2023:4935-1
SUSE-SU-2023:4949-1
SUSE-SU-2023_4787-1
SUSE-SU-2023_4789-1
SUSE-SU-2023_4790-1
SUSE-SU-2023_4791-1
SUSE-SU-2023_4925-1
SUSE-SU-2023_4934-1
SUSE-SU-2023_4935-1
SUSE-SU-2023_4949-1
USN-6555-1
USN-6555-2
ZDI-24-010
ZDI-24-011

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
Xorg-X11-Server