CVE-2023-6377

UNKNOWN

Published 2023-12-13T06:27:40.758Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-6377. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.8

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.322

probability

of exploitation in the wild

There is a 32.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.971

Higher than 97.1% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 7

Affected Versions:

0:1.8.0-28.el7_9

Red Hat

Red Hat Enterprise Linux 7

Affected Versions:

0:1.20.4-25.el7_9

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:1.13.1-2.el8_9.4

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:1.20.11-22.el8

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:21.1.3-15.el8

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

0:1.12.0-6.el8_6.6

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Affected Versions:

0:1.12.0-15.el8_8.4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.13.1-3.el9_3.3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.20.11-24.el9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:22.1.9-5.el9

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

0:1.11.0-22.el9_0.5

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:1.12.0-14.el9_2.2

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 6

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-xp6x-8hgv-x5w5

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-6377

WEB https://www.debian.org/security/2023/dsa-5576

WEB https://security.netapp.com/advisory/ntap-20240125-0003

WEB https://security.gentoo.org/glsa/202401-30

WEB https://lists.x.org/archives/xorg-announce/2023-December/003435.html

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6

WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html

WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html

WEB https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2253291

WEB https://access.redhat.com/security/cve/CVE-2023-6377

WEB https://access.redhat.com/errata/RHSA-2024:2996

WEB https://access.redhat.com/errata/RHSA-2024:2995

WEB https://access.redhat.com/errata/RHSA-2024:2170

WEB https://access.redhat.com/errata/RHSA-2024:2169

WEB https://access.redhat.com/errata/RHSA-2024:0020

WEB https://access.redhat.com/errata/RHSA-2024:0018

WEB https://access.redhat.com/errata/RHSA-2024:0017

WEB https://access.redhat.com/errata/RHSA-2024:0016

WEB https://access.redhat.com/errata/RHSA-2024:0015

WEB https://access.redhat.com/errata/RHSA-2024:0014

WEB https://access.redhat.com/errata/RHSA-2024:0010

WEB https://access.redhat.com/errata/RHSA-2024:0009

WEB https://access.redhat.com/errata/RHSA-2024:0006

WEB https://access.redhat.com/errata/RHSA-2023:7886

WEB http://www.openwall.com/lists/oss-security/2023/12/13/1

Advisory provided by GitHub Security Advisory Database. Published: December 13, 2023, Modified: May 22, 2024

References

https://access.redhat.com/errata/RHSA-2023:7886

https://access.redhat.com/errata/RHSA-2024:0006

https://access.redhat.com/errata/RHSA-2024:0009

https://access.redhat.com/errata/RHSA-2024:0010

https://access.redhat.com/errata/RHSA-2024:0014

https://access.redhat.com/errata/RHSA-2024:0015

https://access.redhat.com/errata/RHSA-2024:0016

https://access.redhat.com/errata/RHSA-2024:0017

https://access.redhat.com/errata/RHSA-2024:0018

https://access.redhat.com/errata/RHSA-2024:0020

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/security/cve/CVE-2023-6377

https://bugzilla.redhat.com/show_bug.cgi?id=2253291

https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd

https://lists.x.org/archives/xorg-announce/2023-December/003435.html

Published: 2023-12-13T06:27:40.758Z

Last Modified: 2024-11-23T02:51:53.636Z

Copied to clipboard!

CVE-2023-6377

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!