CVE-2023-6816: Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
First published: Wed Jan 10 2024(Updated: )
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.org Xorg-server | <21.1.11 | |
| X.org Xwayland | <23.2.4 | |
| Fedoraproject Fedora | =39 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Debian Debian Linux | =10.0 | |
| redhat/xorg-server | <21.1.11 | 21.1.11 |
| redhat/xwayland | <23.2.4 | 23.2.4 |
| ubuntu/xorg-server | <2:1.19.6-1ubuntu4.15+ | 2:1.19.6-1ubuntu4.15+ |
| ubuntu/xorg-server | <2:1.20.13-1ubuntu1~20.04.14 | 2:1.20.13-1ubuntu1~20.04.14 |
| ubuntu/xorg-server | <2:21.1.4-2ubuntu1.7~22.04.7 | 2:21.1.4-2ubuntu1.7~22.04.7 |
| ubuntu/xorg-server | <2:21.1.7-1ubuntu3.6 | 2:21.1.7-1ubuntu3.6 |
| ubuntu/xorg-server | <2:21.1.7-3ubuntu2.6 | 2:21.1.7-3ubuntu2.6 |
| ubuntu/xorg-server | <2:1.15.1-0ubuntu2.11+ | 2:1.15.1-0ubuntu2.11+ |
| ubuntu/xorg-server | <2:21.1.11-1 | 2:21.1.11-1 |
| ubuntu/xorg-server | <2:1.18.4-0ubuntu0.12+ | 2:1.18.4-0ubuntu0.12+ |
| ubuntu/xwayland | <2:22.1.1-1ubuntu0.10 | 2:22.1.1-1ubuntu0.10 |
| ubuntu/xwayland | <2:22.1.8-1ubuntu1.4 | 2:22.1.8-1ubuntu1.4 |
| ubuntu/xwayland | <2:23.2.0-1ubuntu0.4 | 2:23.2.0-1ubuntu0.4 |
| debian/xorg-server | <=2:1.20.4-1+deb10u4 | 2:1.20.4-1+deb10u14 2:1.20.11-1+deb11u11 2:1.20.11-1+deb11u13 2:21.1.7-3+deb12u5 2:21.1.7-3+deb12u7 2:21.1.12-1 |
| debian/xwayland | <=2:22.1.9-1 | 2:23.2.4-1 2:23.2.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2024/01/18/1
- https://access.redhat.com/errata/RHSA-2024:0320
- https://access.redhat.com/errata/RHSA-2024:0557
- https://access.redhat.com/errata/RHSA-2024:0558
- https://access.redhat.com/errata/RHSA-2024:0597
- https://access.redhat.com/errata/RHSA-2024:0607
- https://access.redhat.com/errata/RHSA-2024:0614
- https://access.redhat.com/errata/RHSA-2024:0617
- https://access.redhat.com/errata/RHSA-2024:0621
- https://access.redhat.com/errata/RHSA-2024:0626
- https://access.redhat.com/errata/RHSA-2024:0629
- https://access.redhat.com/security/cve/CVE-2023-6816
- https://bugzilla.redhat.com/show_bug.cgi?id=2257691
- https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
- https://security.gentoo.org/glsa/202401-30
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
- https://security.netapp.com/advisory/ntap-20240307-0006/
- https://launchpad.net/bugs/cve/CVE-2023-6816
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258927
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258926
- https://lists.x.org/archives/xorg/2024-January/061525.html
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3
- https://security-tracker.debian.org/tracker/CVE-2023-6816
- https://ubuntu.com/security/notices/USN-6587-1
- https://ubuntu.com/security/notices/USN-6587-2
- https://ubuntu.com/security/notices/USN-6587-5
- https://www.cve.org/CVERecord?id=CVE-2023-6816
- https://nvd.nist.gov/vuln/detail/CVE-2023-6816
- https://ubuntu.com/security/CVE-2023-6816
- agent/type
- agent/title
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-api
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-6816
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/x.org
- canonical/x.org xorg-server
- canonical/x.org xwayland
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/39
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- package-manager/redhat
- package-manager/debian
- package-manager/ubuntu