CVE-2023-6377

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6377

Related

Published

2023-12-13T07:15:30Z

Modified

2024-09-18T03:23:16.963333Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

References

Affected packages

Debian:11 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:1.20.11-1+deb11u10

Affected versions

2:1.*

2:1.20.11-1

2:1.20.11-1+deb11u1

2:1.20.11-1+deb11u2

2:1.20.11-1+deb11u3

2:1.20.11-1+deb11u4

2:1.20.11-1+deb11u5

2:1.20.11-1+deb11u6

2:1.20.11-1+deb11u7

2:1.20.11-1+deb11u8

2:1.20.11-1+deb11u9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.7-3+deb12u4

Affected versions

2:21.*

2:21.1.7-3

2:21.1.7-3+deb12u1

2:21.1.7-3+deb12u2

2:21.1.7-3+deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xorg-server

Package

Name: xorg-server
Purl: pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.1.10-1

Affected versions

2:21.*

2:21.1.7-3

2:21.1.8-1

2:21.1.9-1

2:21.1.9-1+hurd.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xwayland

Package

Name: xwayland
Purl: pkg:deb/debian/xwayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:22.*

2:22.1.9-1

2:23.*

2:23.1.0-1

2:23.1.1-1

2:23.2.0-1

2:23.2.1-1

2:23.2.2-1

2:23.2.3-1

2:23.2.4-1

2:23.2.6-1

2:24.*

2:24.0.99.901-1

2:24.1.0-1

2:24.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xwayland

Package

Name: xwayland
Purl: pkg:deb/debian/xwayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:23.2.3-1

Affected versions

2:22.*

2:22.1.9-1

2:23.*

2:23.1.0-1

2:23.1.1-1

2:23.2.0-1

2:23.2.1-1

2:23.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/xorg/xserver

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/xorg/xserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0c1a93d319558fe3ab2d94f51d174b4f93810afd

Affected versions

Other

DAMAGE-XFIXES-BASE

DRI-XFree86-4_3_99_12-merge

DRI-trunk-20040613

DRI-trunk-20040721

DRM-1_0_5

DRM-20040613

DRM-20040721

DRM-20050615

DRM-20051017

DRM-2_0_0

Domain-base

Domain-sync1

Domain-sync2

Domain-sync3

Domain-sync4

MODULAR_COPY

PRE_xf86-4_3_0_1

XACE-SELINUX-BASE

XACE-SELINUX-MERGE

XEVIE-BASE

XEVIE-MERGE

XORG-6_7_99_1

XORG-6_7_99_2

XORG-6_7_99_901

XORG-6_7_99_902

XORG-6_7_99_903

XORG-6_7_99_904

XORG-6_8_0

XORG-6_8_99_1

XORG-6_8_99_10

XORG-6_8_99_11

XORG-6_8_99_12

XORG-6_8_99_13

XORG-6_8_99_14

XORG-6_8_99_15

XORG-6_8_99_16

XORG-6_8_99_2

XORG-6_8_99_3

XORG-6_8_99_4

XORG-6_8_99_5

XORG-6_8_99_6

XORG-6_8_99_7

XORG-6_8_99_8

XORG-6_8_99_9

XORG-6_8_99_900

XORG-6_8_99_901

XORG-6_8_99_902

XORG-6_8_99_903

XORG-6_99_99_900

XORG-6_99_99_901

XORG-6_99_99_902

XORG-6_99_99_903

XORG-6_99_99_904

XORG-7_0

XORG-7_0_99_901

XORG-CURRENT-CLOSED

XORG-CURRENT-premerge-release-1

XORG-MAIN

XORG-RELEASE-1-BASE

add-Xi

ah-20021030

ah-20021030-postdri

before-mesa-4_0-import

before_20040421_xprint_branch_landing

dhd-20010328

dhd-20010817

dhd-20020916

dri-0-1-branchpoint

dri-20020129-merge

dri-20020222-merge

kdrive-initial-import

keithp

lg3d-base

pre-R651-import

pre-xgldrop-merge

sco_port_update-base

xf-3_9_16Z

xf-3_9_16Za

xf-3_9_16d

xf-3_9_16e

xf-3_9_16f

xf-3_9_17

xf-3_9_17Z

xf-3_9_17a

xf-3_9_17b

xf-3_9_17c

xf-3_9_17d

xf-3_9_17e

xf-3_9_17f

xf-3_9_18

xf-3_9_18Z

xf-3_9_18Za

xf-3_9_18a

xf-3_9_18b

xf-4_0

xf-4_0-bindist

xf-4_0Z

xf-4_0_1

xf-4_0_1-bindist

xf-4_0_1Z

xf-4_0_1Za

xf-4_0_1Zb

xf-4_0_1Zc

xf-4_0_1a

xf-4_0_1b

xf-4_0_1c

xf-4_0_1d

xf-4_0_1e

xf-4_0_1f

xf-4_0_1g

xf-4_0_1h

xf-4_0_2

xf-4_0_2-bindist

xf-4_0_99_1

xf-4_0_99_2

xf-4_0_99_3

xf-4_0_99_900

xf-4_0a

xf-4_0b

xf-4_0c

xf-4_0d

xf-4_0e

xf-4_0f

xf-4_0g

xf-4_1_99_1

xf-4_1_99_2

xf-4_1_99_3

xf-4_1_99_4

xf-4_1_99_5

xf-4_1_99_6

xf-4_1_99_7

xf-4_2-bp

xf-4_2_0

xf-4_2_0-bindist

xf-4_2_0-bindist-1

xf-4_2_0_1

xf-4_2_1

xf-4_2_1_1

xf-4_2_99_1

xf-4_2_99_2

xf-4_2_99_3

xf-4_2_99_4

xf-4_2_99_901

xf-4_2_99_902

xf-4_3_0

xf-4_3_0_1

xf-4_3_99_1

xf-4_3_99_2

xf-4_3_99_3

xf-4_3_99_4

xf-4_3_99_5

xf-4_3_99_6

xf86-012804-2330

xf86-4_3_0_1

xf86-4_3_99_16

xf86-4_3_99_901

xf86-4_3_99_902

xf86-4_3_99_903

xf86-4_3_99_903_special

xf86-4_4_0

xf86-4_4_99_1

xfixes_2_branchpoint

xorg-server-0_99_1

xorg-server-1_0_99_1

xorg-server-1_0_99_2

xorg-server-1_0_99_901

xorg-server-1_1_99_1

xorg-server-1_1_99_2

xorg-server-1.*

xorg-server-1.1.99.3

xorg-server-1.10.0

xorg-server-1.10.99.901

xorg-server-1.10.99.902

xorg-server-1.11.0

xorg-server-1.11.99.1

xorg-server-1.11.99.2

xorg-server-1.11.99.901

xorg-server-1.11.99.902

xorg-server-1.11.99.903

xorg-server-1.12.0

xorg-server-1.12.99.901

xorg-server-1.12.99.902

xorg-server-1.12.99.903

xorg-server-1.12.99.904

xorg-server-1.12.99.905

xorg-server-1.13.0

xorg-server-1.13.99.901

xorg-server-1.13.99.902

xorg-server-1.14.0

xorg-server-1.14.99.1

xorg-server-1.14.99.2

xorg-server-1.14.99.3

xorg-server-1.14.99.901

xorg-server-1.14.99.902

xorg-server-1.14.99.903

xorg-server-1.14.99.904

xorg-server-1.14.99.905

xorg-server-1.15.0

xorg-server-1.15.99.901

xorg-server-1.15.99.902

xorg-server-1.15.99.903

xorg-server-1.15.99.904

xorg-server-1.16.0

xorg-server-1.16.99.901

xorg-server-1.16.99.902

xorg-server-1.17.0

xorg-server-1.17.99.901

xorg-server-1.17.99.902

xorg-server-1.18.0

xorg-server-1.18.99.2

xorg-server-1.18.99.901

xorg-server-1.18.99.902

xorg-server-1.19.0

xorg-server-1.19.99.901

xorg-server-1.19.99.902

xorg-server-1.19.99.903

xorg-server-1.19.99.904

xorg-server-1.19.99.905

xorg-server-1.2.99.0

xorg-server-1.20.0

xorg-server-1.3.99.0

xorg-server-1.5.99.1

xorg-server-1.6.99.900

xorg-server-1.6.99.901

xorg-server-1.7.99.1

xorg-server-1.7.99.2

xorg-server-1.7.99.901

xorg-server-1.7.99.902

xorg-server-1.8.0

xorg-server-1.8.99.901

xorg-server-1.8.99.902

xorg-server-1.8.99.903

xorg-server-1.8.99.904

xorg-server-1.8.99.905

xorg-server-1.8.99.906

xorg-server-1.9.0

xorg-server-1.9.99.901

xorg-server-1.9.99.902

xorg-server-1.9.99.903

xorg-server-21.*

xorg-server-21.0.99.1