A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References
Link Providers
http://www.openwall.com/lists/oss-security/2023/12/13/1 cve-icon
https://access.redhat.com/errata/RHSA-2023:7886 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0006 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0009 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0010 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0014 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0015 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0016 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0017 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0018 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0020 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2169 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2170 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2995 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2996 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:13998 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-6377 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2253291 cve-icon cve-icon
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/ cve-icon
https://lists.x.org/archives/xorg-announce/2023-December/003435.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6377 cve-icon
https://security.gentoo.org/glsa/202401-30 cve-icon
https://security.netapp.com/advisory/ntap-20240125-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6377 cve-icon
https://www.debian.org/security/2023/dsa-5576 cve-icon
History

Mon, 18 Aug 2025 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:6
Vendors & Products Redhat rhel Els
References

Fri, 22 Nov 2024 12:00:00 +0000


Mon, 16 Sep 2024 16:30:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-18T11:22:34.517Z

Reserved: 2023-11-29T07:38:35.722Z

Link: CVE-2023-6377

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-13T07:15:30.030

Modified: 2025-08-18T12:15:26.407

Link: CVE-2023-6377

cve-icon Redhat

Severity : Important

Publid Date: 2023-12-13T00:00:00Z

Links: CVE-2023-6377 - Bugzilla

cve-icon OpenCVE Enrichment

No data.