CVE-2023-6816

9.8 CRITICAL

Published: January 18, 2024 Modified: March 19, 2026

Description

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0320

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0557

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0558

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0597

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0607

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0614

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0617

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0621

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0626

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0629

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2169

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2170

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2995

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2996

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:12751

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-6816

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Source: secalert@redhat.com

Issue Tracking

http://www.openwall.com/lists/oss-security/2024/01/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0320

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0557

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0558

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0597

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0607

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0614

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0617

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0621

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0626

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0629

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2169

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2170

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2996

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2023-6816

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202401-30

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240307-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

39 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

3.3%

87th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-787 CWE-787

Affected Vendors

debian redhat fedoraproject x.org

Related CVEs

CVE-2026-4508 7.3

CVE-2026-3864 6.5

CVE-2026-33476 7.5

CVE-2026-33423 N/A

CVE-2026-33422 3.5