Cyber Resilience

CVE-2023-6377

High

Published: 13 December 2023

Modified: 24 March 2026
KEV Added: not listed
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0042 (62.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-6377 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 37.4% of CVEs by exploit likelihood (EPSS 62.6th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-6377 is an out-of-bounds memory access flaw in the xorg-server X11 implementation. The issue occurs when querying or modifying XKB button actions, such as during input device transitions between a touchpad and a mouse, and is tracked under CWE-125. It affects the core X server component used in most Linux graphical environments.

A local attacker with a valid X session can trigger the flaw to perform arbitrary reads and writes in the X server process, enabling local privilege escalation to root. When X11 forwarding is enabled over SSH or similar tunnels, the same primitive may be reachable remotely and can lead to code execution on the forwarded display server.

Red Hat has published multiple errata (RHSA-2023:7886 and the 2024:0006/0009/0010/0014 family) that deliver patched xorg-server packages for affected Enterprise Linux distributions; applying these updates is the primary mitigation.

EPSS for the CVE rose sharply from a low baseline to a peak of 0.3221 on 2025-01-22 before receding, indicating that meaningful exploitation interest developed well after the original disclosure.

EU & UK References

Vulnerability details

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

CWE(s)

CWE-125: Out-of-bounds Read

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Product: Affected versions
redhat: enterprise linux eus: 9.2
debian: debian linux: 10.0, 11.0, 12.0
x.org: x server: ≤ 21.1.10
x.org: xwayland: ≤ 23.2.3
tigervnc: tigervnc: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References