A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
Tigervnc
  • Tigervnc
X.org
  • X Server
  • Xwayland

Configuration 1 [-]

cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
tigervnc-0:1.8.0-28.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2024:0006 2024-01-02T00:00:00Z
xorg-x11-server-0:1.20.4-25.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2024:0009 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-2.el8_9.4 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:0018 2024-01-02T00:00:00Z
xorg-x11-server-0:1.20.11-22.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2995 2024-05-22T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-15.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2996 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.6 cpe:/a:redhat:rhel_aus:8.2 RHSA-2024:0017 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
tigervnc-0:1.9.0-15.el8_2.6 cpe:/a:redhat:rhel_tus:8.2 RHSA-2024:0017 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
tigervnc-0:1.9.0-15.el8_2.6 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2024:0017 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.5 cpe:/a:redhat:rhel_aus:8.4 RHSA-2024:0016 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.5 cpe:/a:redhat:rhel_tus:8.4 RHSA-2024:0016 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.5 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2024:0016 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
tigervnc-0:1.12.0-6.el8_6.6 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:0015 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.4 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:0014 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.13.1-3.el9_3.3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:0010 2024-01-02T00:00:00Z
xorg-x11-server-0:1.20.11-24.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2169 2024-04-30T00:00:00Z
xorg-x11-server-Xwayland-0:22.1.9-5.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2170 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
tigervnc-0:1.11.0-22.el9_0.5 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:0020 2024-01-02T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2023:7886 2023-12-20T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2023/12/13/1 cve-icon
https://access.redhat.com/errata/RHSA-2023:7886 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0006 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0009 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0010 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0014 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0015 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0016 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0017 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0018 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0020 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2169 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2170 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2995 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2996 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:13998 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-6377 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2253291 cve-icon cve-icon
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/ cve-icon
https://lists.x.org/archives/xorg-announce/2023-December/003435.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6377 cve-icon
https://security.gentoo.org/glsa/202401-30 cve-icon
https://security.netapp.com/advisory/ntap-20240125-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6377 cve-icon
https://www.debian.org/security/2023/dsa-5576 cve-icon
History

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 Aug 2025 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:6
Vendors & Products Redhat rhel Els
References

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 16 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-13T06:27:40.758Z

Updated: 2026-06-23T17:19:12.799Z

Reserved: 2023-11-29T07:38:35.722Z

Link: CVE-2023-6377

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.782Z

cve-icon NVD

Status : Modified

Published: 2023-12-13T07:15:30.030

Modified: 2026-06-17T06:50:38.390

Link: CVE-2023-6377

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-13T00:00:00Z

Links: CVE-2023-6377 - Bugzilla