CVE-2023-6377
Published: 13 December 2023
Summary
CVE-2023-6377 is a high-severity out-of-bounds read (CWE-125) vulnerability in the X.Org X server (xorg-server) as shipped in Red Hat Enterprise Linux. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 37.4% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-6377 is an out-of-bounds memory access flaw in the X.Org X server (xorg-server); the same code ships in Xwayland. The flaw is reached when a client queries or modifies XKB button actions, which is what the XkbGetDeviceInfo and XkbSetDeviceInfo requests do, after the active pointer device has changed, for example when a user moves from a touchpad to a mouse. The button-action table carried over at that switch is not sized for the number of buttons the new device reports, so the requests index past its end. Although tracked under CWE-125 (out-of-bounds read), the advisory text describes both reads and writes. It affects the core X server component used in most Linux graphical environments.
A local attacker with a valid X session, meaning any client that can connect to the display, can trigger the flaw to obtain out-of-bounds reads and writes in the X server process. Where the X server runs as root, that is a local privilege escalation to root; with a rootless X server the impact is confined to the server's own account, which still spans every client on the display. When X11 forwarding is enabled over SSH (ForwardX11 on the client side, X11Forwarding on sshd), every process on the remote host that can reach the forwarded display is a client of the user's local X server, so a compromised or malicious remote host can drive the same primitive against that local display server; this is why the advisory lists possible remote code execution.
Red Hat has published multiple errata (RHSA-2023:7886 and the RHSA-2024:0006, 0009, 0010 and 0014 family) that deliver patched xorg-server packages for the affected Enterprise Linux releases; applying these updates is the primary mitigation. Upstream, the fix shipped in xorg-server 21.1.10 and xwayland 23.2.3. Red Hat backports the fix without raising the upstream version string (on RHEL 8 and 9 the Xorg package still reports an upstream 1.20.x version), so confirm the fix from the errata or the package changelog rather than from a bare version comparison. Where X11 forwarding is not needed, disabling it (X11Forwarding no in sshd_config, ForwardX11 no in ssh_config) removes the remote path entirely.
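As a worked check for the mitigation described above, the following POSIX shell script is an added example and not tooling from the page, X.Org or Red Hat. It assumes the upstream fix versions xorg-server 21.1.10 and xwayland 23.2.3, the RPM package name xorg-x11-server-Xorg, that a backported Red Hat fix is visible as the CVE id in the package changelog (rpm -q --changelog), and the lowercase effective-config output of ssh -G and sshd -T. The script name cve_2023_6377_audit.sh used as a run guard is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the page, X.Org or Red Hat: audit one host for
# CVE-2023-6377 exposure. Assumptions (not stated on the page): the upstream fix
# versions are xorg-server 21.1.10 and xwayland 23.2.3; Red Hat backports the
# fix without changing the upstream version, so the rpm changelog is checked for
# the CVE id; OpenSSH prints effective settings in lowercase from "ssh -G HOST"
# ("forwardx11 yes") and "sshd -T" ("x11forwarding yes").

FIXED_XORG=21.1.10
FIXED_XWAYLAND=23.2.3
CVE=CVE-2023-6377

# vercmp A B: prints -1, 0 or 1 as dotted numeric version A is <, = or > B.
# Missing trailing fields count as 0 (21.1 == 21.1.0); non-numeric fields
# (pre-release tags) are treated as 0, which is good enough for an audit.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        case $ah in ''|*[!0-9]*) ah=0 ;; esac
        case $bh in ''|*[!0-9]*) bh=0 ;; esac
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# xorg_fixed VERSION / xwayland_fixed VERSION: succeed when an upstream (or
# upstream-tracking, e.g. Fedora) package version carries the fix.
xorg_fixed()     { [ "$(vercmp "$1" "$FIXED_XORG")" -ge 0 ]; }
xwayland_fixed() { [ "$(vercmp "$1" "$FIXED_XWAYLAND")" -ge 0 ]; }

# changelog_has_cve TEXT: succeed when an rpm changelog (rpm -q --changelog PKG)
# names the CVE. On RHEL the X server package keeps its upstream 1.20.x version
# with the fix backported, so vercmp alone would wrongly report it vulnerable.
changelog_has_cve() { printf '%s\n' "$1" | grep -q -- "$CVE"; }

# x11_forwarding_on TEXT: succeed when an OpenSSH effective-config dump enables
# X11 forwarding. The ssh client side matters most: a malicious remote host can
# only reach this machine's X server if this machine forwards its display.
x11_forwarding_on() {
    printf '%s\n' "$1" | grep -Eiq '^(forwardx11|x11forwarding)[[:space:]]+yes[[:space:]]*$'
}

# audit: run the live checks on this host (RPM-based distribution assumed).
audit() {
    pkg=xorg-x11-server-Xorg
    if v=$(rpm -q --qf '%{VERSION}' "$pkg" 2>/dev/null); then
        if changelog_has_cve "$(rpm -q --changelog "$pkg")"; then
            echo "$pkg $v: changelog names $CVE (backported fix present)"
        elif xorg_fixed "$v"; then
            echo "$pkg $v: at or above upstream $FIXED_XORG"
        else
            echo "$pkg $v: no evidence of the fix, apply the errata"
        fi
    else
        echo "$pkg not installed"
    fi
    if x11_forwarding_on "$(ssh -G localhost 2>/dev/null)"; then
        echo "ssh client: ForwardX11 enabled, remote hosts can reach this display"
    fi
    if x11_forwarding_on "$(sshd -T 2>/dev/null)"; then
        echo "sshd: X11Forwarding enabled for inbound sessions"
    fi
}

# Only run the live audit when executed under the hypothetical script name, so
# the functions can also be sourced and exercised on constructed input.
case ${0##*/} in cve_2023_6377_audit.sh) audit ;; esac
```

The changelog check is deliberately tried before the version comparison: on an enterprise distribution the version string alone says nothing about backported fixes, while a changelog line naming the CVE is positive evidence. The ssh -G check is the one to act on for the remote path, since a user who forwards their display to an untrusted host exposes their local X server regardless of what that host's sshd says.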
EPSS for the CVE rose sharply from a low baseline to a peak of 0.3221 on 2025-01-22 before receding, indicating that meaningful exploitation interest developed well after the original disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58618
Vulnerability details
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.