CVE-2023-6478

moderate-risk
Published 2023-12-13

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Do I need to act?

~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.6/10 High
NETWORK / LOW complexity

Affected Products (7)

Xwayland

Affected Vendors

Debian Redhat X.Org Tigervnc

References (46)

Vendor Advisory https://access.redhat.com/errata/RHSA-2023:7886
https://access.redhat.com/errata/RHSA-2024:0006
https://access.redhat.com/errata/RHSA-2024:0009
https://access.redhat.com/errata/RHSA-2024:0010
https://access.redhat.com/errata/RHSA-2024:0014
https://access.redhat.com/errata/RHSA-2024:0015
https://access.redhat.com/errata/RHSA-2024:0016
https://access.redhat.com/errata/RHSA-2024:0017
https://access.redhat.com/errata/RHSA-2024:0018
https://access.redhat.com/errata/RHSA-2024:0020
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/errata/RHSA-2025:12751
Vendor Advisory https://access.redhat.com/security/cve/CVE-2023-6478
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2253298
Patch https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a1641...
Vendor Advisory https://lists.x.org/archives/xorg-announce/2023-December/003435.html
http://www.openwall.com/lists/oss-security/2023/12/13/1
and 26 more references
45
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 4/34 · Minimal
Exposure 14/34 · Moderate