CVE-2023-6816

critical

Description

A flaw was found in the X.Org server. Both the DeviceFocusEvent and the XIQueryPointer reply contain one bit for each logical button currently down. Buttons can be arbitrarily mapped to any logical value up to 255, but the X.Org server only allocated space for the device's own number of physical buttons, leading to a heap overflow when a mapped value larger than that allocation was used.
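Added example, not X.Org server code: a constructed C model of the allocation mismatch the description names, with the bounds-checked bit setter and map-sized mask that close it. All names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of the CVE-2023-6816 pattern; not X.Org server code. One
 * bit per logical button; logical numbers come from a user-settable map (<=255). */
#define MAX_LOGICAL_BUTTON 255u
/* Bytes needed for one bit per button in 0..max_button, rounded up. */
size_t mask_bytes_for(unsigned max_button) { return (max_button + 8) / 8; }

/* The bug: the bit index comes from the logical map, mask_len from the physical count. */
int write_would_overflow(size_t mask_len, unsigned button) { return button / 8 >= mask_len; }

/* Hardened setter: refuses any bit that lies outside the allocation. */
int set_button_bit(uint8_t *mask, size_t mask_len, unsigned logical_button)
{
    if (logical_button > MAX_LOGICAL_BUTTON ||
        write_would_overflow(mask_len, logical_button))
        return -1;
    mask[logical_button / 8] |= (uint8_t)(1u << (logical_button % 8));
    return 0;
}

int is_button_down(const uint8_t *mask, size_t mask_len, unsigned logical_button)
{
    if (write_would_overflow(mask_len, logical_button)) return 0;
    return (mask[logical_button / 8] >> (logical_button % 8)) & 1;
}

/* Fix shape: size the mask for the largest logical button the map allows
 * (32 bytes), not for the physical count (1 byte for a 5-button mouse). */
uint8_t *alloc_button_mask(size_t *len_out)
{
    *len_out = mask_bytes_for(MAX_LOGICAL_BUTTON);
    return calloc(*len_out, 1);
}

/* Round trip through a correctly sized mask; 0 if the button was rejected. */
int record_and_query(unsigned logical_button)
{
    size_t len;
    uint8_t *mask = alloc_button_mask(&len);
    if (!mask) return -1;
    int down = set_button_bit(mask, len, logical_button) == 0 &&
               is_button_down(mask, len, logical_button);
    free(mask);
    return down;
}
```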

References

https://security.netapp.com/advisory/ntap-20240307-0006/

https://security.gentoo.org/glsa/202401-30

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

https://bugzilla.redhat.com/show_bug.cgi?id=2257691

https://access.redhat.com/security/cve/CVE-2023-6816

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:0629

https://access.redhat.com/errata/RHSA-2024:0626

https://access.redhat.com/errata/RHSA-2024:0621

https://access.redhat.com/errata/RHSA-2024:0617

https://access.redhat.com/errata/RHSA-2024:0614

https://access.redhat.com/errata/RHSA-2024:0607

https://access.redhat.com/errata/RHSA-2024:0597

https://access.redhat.com/errata/RHSA-2024:0558

https://access.redhat.com/errata/RHSA-2024:0557

https://access.redhat.com/errata/RHSA-2024:0320

http://www.openwall.com/lists/oss-security/2024/01/18/1

Details

Source: Mitre, NVD

Published: 2024-01-18

Updated: 2024-04-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical