CVE-2023-6816
high-risk
Published 2024-01-18
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Do I need to act?
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
Attack vector: NETWORK / LOW complexity
Affected Products (7)
Affected Vendors
References (39)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0320
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6816
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2257691
and 19 more references
53/100 · high-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
14/34 · Moderate