PT-2024-1121 · X.Org Server

Patrick Del Bello · Published 2024-01-16 · Updated 2026-03-19 · CVE-2023-6816

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

X.Org Server (affected versions not specified)

Description

A flaw was found in the X.Org server, specifically in the DeviceFocusEvent and XIQueryPointer functions, which can lead to a heap overflow. This issue is caused by the server allocating space for the device's particular number of buttons, but buttons can be arbitrarily mapped to any value up to 255. Exploitation of this issue may allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:0557
ALSA-2024:0607
ALSA-2024:2169
ALSA-2024:2170
ALSA-2024:2996
ALT-PU-2024-1181
ALT-PU-2024-1182
ALT-PU-2024-1183
ALT-PU-2024-3261
ALT-PU-2024-4743
ALT-PU-2024-4745
ALT-PU-2024-5972
AZL-33353
AZL-44742
BDU:2024-00405
CESA-2024_0320
CESA-2024_0607
CESA-2024_0629
CESA-2024_2996
CVE-2023-6816
DLA-3721-1
DSA-5603-1
INFSA-2024_2169
INFSA-2024_2170
INFSA-2024_2996
MGASA-2024-0022
OESA-2024-1102
OESA-2024-1548
OESA-2024-1556
OESA-2024-1557
OPENSUSE-SU-2024:13597-1
OPENSUSE-SU-2024:13598-1
RHSA-2024:0320
RHSA-2024:0557
RHSA-2024:0558
RHSA-2024:0597
RHSA-2024:0607
RHSA-2024:0614
RHSA-2024:0617
RHSA-2024:0621
RHSA-2024:0626
RHSA-2024:0629
RHSA-2024:2169
RHSA-2024:2170
RHSA-2024:2995
RHSA-2024:2996
RHSA-2024_0320
RHSA-2024_0557
RHSA-2024_0607
RHSA-2024_0629
RHSA-2024_2169
RHSA-2024_2170
RHSA-2024_2996
RHSA-2025:12751
RLSA-2024:0607
ROSA-SA-2024-2351
ROSA-SA-2024-2352
ROSA-SA-2025-2575
ROSA-SA-2025-2576
SUSE-SU-2024:0109-1
SUSE-SU-2024:0111-1
SUSE-SU-2024:0114-1
SUSE-SU-2024:0116-1
SUSE-SU-2024:0121-1
SUSE-SU-2024:0165-1
SUSE-SU-2024_0109-1
SUSE-SU-2024_0111-1
SUSE-SU-2024_0116-1
SUSE-SU-2024_0121-1
SUSE-SU-2024_0165-1
USN-6587-1
USN-6587-2
USN-6587-3
USN-6587-4
USN-6587-5
ZDI-24-122
ZDI-24-123

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org Server