Lucene search

RedhatCVE-2023-6377

HistoryDec 13, 2023 - 7:15 a.m.

CVE-2023-6377

2023-12-1307:15:30

CWE-125

redhat

web.nvd.nist.gov

136

cve-2023-6377

xorg-server

local privilege escalation

remote code execution

x11 forwarding

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.16

Percentile

96.1%

JSON

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Affected configurations

Nvd

Node

redhatenterprise_linux_eusMatch9.2

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

Node

x.orgx_serverRange<21.1.10

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

x.orgxwaylandRange<23.2.3

AND

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

tigervnctigervncMatch-

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

VendorProductVersionCPE
redhatenterprise_linux_eus9.2cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
debiandebian_linux12.0cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
x.orgx_server*cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
x.orgxwayland*cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux_eus	9.2	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
debian	debian_linux	12.0	cpe:2.3:o:debian:debian_linux:12.0:::::::*
x.org	x_server	*	cpe:2.3:a:x.org:x_server::::::::
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
x.org	xwayland	*	cpe:2.3:a:x.org:xwayland::::::::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.8.0-28.el7_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::client",
      "cpe:/o:redhat:enterprise_linux:7::workstation",
      "cpe:/o:redhat:enterprise_linux:7::computenode",
      "cpe:/o:redhat:enterprise_linux:7::server"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.20.4-25.el7_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::client",
      "cpe:/o:redhat:enterprise_linux:7::workstation",
      "cpe:/o:redhat:enterprise_linux:7::computenode",
      "cpe:/o:redhat:enterprise_linux:7::server"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.13.1-2.el8_9.4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.20.11-22.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::crb",
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:21.1.3-15.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.9.0-15.el8_2.6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.9.0-15.el8_2.6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.9.0-15.el8_2.6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.11.0-8.el8_4.5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.11.0-8.el8_4.5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.11.0-8.el8_4.5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.12.0-6.el8_6.6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.12.0-15.el8_8.4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.13.1-3.el9_3.3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.20.11-24.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:22.1.9-5.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.11.0-22.el9_0.5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.12.0-14.el9_2.2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "tigervnc",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  }
]