CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-6816

CVSS 9.8v3.1pub. 2024-01-18upd. 2026-03-19

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

🤖 AI Analysis
How it works

DeviceFocusEvent messages and XIQueryPointer responses contain a bit for each logically pressed button on the pointing device. Buttons can be arbitrarily mapped to values from 1 to 255; however, X.Org Server allocated memory based solely on the actual number of buttons on a specific device. When an attacker used a mapping value greater than the actual number of buttons, a write occurred outside the allocated heap area (CWE-787 — out-of-bounds write), leading to memory corruption.

Impact

An attacker can cause memory corruption in the X.Org Server process, which may consequently enable arbitrary code execution (RCE) with server privileges or cause a denial of service.

Mitigation & patch

Apply patches available from the vendor according to references. For Red Hat Enterprise Linux, the following errata are available: RHSA-2024:0320, RHSA-2024:0557, RHSA-2024:0558, RHSA-2024:0597, and RHSA-2024:0607. It is recommended to implement patches as quickly as possible and restrict network access to the X.Org server to trusted hosts.

Who is affected

X.Org X Server, X.Org Xwayland, Fedora, Red Hat Enterprise Linux Desktop, and Red Hat Enterprise Linux Server — specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Debian

    OS
    Debian
    10.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    39
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
  • X.org X Server

    APP
    X.Org
    < 21.1.11
  • X.org Xwayland

    APP
    X.Org
    < 23.2.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki