CVE-2023-6377
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
References
- http://www.openwall.com/lists/oss-security/2023/12/13/1
- https://security.gentoo.org/glsa/202401-30
- https://security.netapp.com/advisory/ntap-20240125-0003/
- https://www.debian.org/security/2023/dsa-5576
Affected products
tigervnc
- *
xwayland
- ==23.2.3
xorg-server
- ==21.1.10
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *