CVE-2023-6816

Name: CVE-2023-6816
Description: A flaw was found in the X.Org server. Both the DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any logical value up to 255, but the X.Org server allocated space only for the device's own number of buttons, leading to a heap overflow when a larger mapped value was used.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3721-1, DSA-5603-1, ELA-1040-1, ELA-1043-1
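The description states the mechanism but not what the sizing mistake looks like. The C program below is an added model written for this page; it is not code from the X.Org server or from Debian. It assumes a mask of one bit per button, a maximum logical button number of 255 (MAX_BUTTONS = 256), and 1-based button numbering; the five-button device and its remapping are constructed inline. Where the vulnerable server would write past the end of the heap buffer, the model refuses the write and counts it instead, so it can be run safely.

```c
/* Model of CVE-2023-6816 (constructed for illustration; not xserver code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUTTONS 256   /* assumption: logical button numbers run 1..255 */

/* Bytes needed to hold one bit per button number 0..nbits-1. */
static int bits_to_bytes(int nbits) { return (nbits + 7) / 8; }

/* Sets bit 'bit' in a mask of 'mask_len' bytes. Returns 1 on success, 0 if
 * the write would land outside the buffer. In the vulnerable server this is
 * the heap overflow; here the write is refused rather than performed. */
static int set_bit_checked(uint8_t *mask, int mask_len, int bit) {
    if (bit < 0 || bit / 8 >= mask_len) return 0;
    mask[bit / 8] |= (uint8_t)(1u << (bit % 8));
    return 1;
}

/* Builds the logical-button mask: for every physical button that is down,
 * set the bit of the logical button it is mapped to. Returns the number of
 * writes that fell outside the mask buffer. */
static int build_button_mask(const uint8_t *down, const uint8_t *map,
                             int num_buttons, uint8_t *mask, int mask_len) {
    int overflows = 0;
    memset(mask, 0, mask_len);
    for (int i = 1; i <= num_buttons; i++) {   /* buttons are 1-based */
        if (!down[i]) continue;
        if (!set_bit_checked(mask, mask_len, map[i])) overflows++;
    }
    return overflows;
}

/* Vulnerable sizing: room only for the device's physical buttons. */
static int vulnerable_mask_len(int num_buttons) {
    return bits_to_bytes(num_buttons + 1);
}

/* Fixed sizing: room for every logical button a mapping can produce. */
static int fixed_mask_len(void) { return bits_to_bytes(MAX_BUTTONS); }

/* Five-button device; a client remaps physical button 1 to logical 255 and
 * holds it down. Returns the out-of-bounds write count for 'mask_len'. */
static int demo(int mask_len) {
    enum { NUM_BUTTONS = 5 };
    uint8_t down[NUM_BUTTONS + 1] = {0};
    uint8_t map[NUM_BUTTONS + 1] = {0, 1, 2, 3, 4, 5};  /* identity mapping */
    uint8_t mask[(MAX_BUTTONS + 7) / 8];                /* large enough for both runs */
    down[1] = 1;
    map[1] = 255;   /* constructed remapping: value allowed by the protocol */
    return build_button_mask(down, map, NUM_BUTTONS, mask, mask_len);
}

int main(void) {
    printf("vulnerable sizing (%d byte(s)): %d out-of-bounds write(s)\n",
           vulnerable_mask_len(5), demo(vulnerable_mask_len(5)));
    printf("fixed sizing (%d bytes): %d out-of-bounds write(s)\n",
           fixed_mask_len(), demo(fixed_mask_len()));
    return 0;
}
```

With the device's own button count the mask is a single byte, so a remap to 255 followed by a press makes the server target byte 31 of a 1-byte heap allocation; sizing the mask for every logical button a mapping can produce removes the overflow. The mapping is client-controlled, which is why the issue is reachable by any connected X client rather than only by the input driver.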

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                        Version               Status
xorg-server (PTS)   jessie, jessie (lts)           2:1.16.4-1+deb8u17    fixed
                    stretch (security)             2:1.19.2-1+deb9u9     vulnerable
                    stretch (lts), stretch         2:1.19.2-1+deb9u20    fixed
                    buster, buster (lts)           2:1.20.4-1+deb10u15   fixed
                    buster (security)              2:1.20.4-1+deb10u14   fixed
                    bullseye                       2:1.20.11-1+deb11u13  fixed
                    bullseye (security)            2:1.20.11-1+deb11u14  fixed
                    bookworm (security), bookworm  2:21.1.7-3+deb12u8    fixed
                    trixie                         2:21.1.14-2           fixed
                    sid                            2:21.1.15-2           fixed
xwayland (PTS)      bookworm                       2:22.1.9-1            vulnerable
                    sid, trixie                    2:24.1.4-2            fixed

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version         Urgency  Origin      Debian Bugs
xorg-server  source  jessie      2:1.16.4-1+deb8u15             ELA-1043-1
xorg-server  source  stretch     2:1.19.2-1+deb9u18             ELA-1040-1
xorg-server  source  buster      2:1.20.4-1+deb10u13            DLA-3721-1
xorg-server  source  bullseye    2:1.20.11-1+deb11u11           DSA-5603-1
xorg-server  source  bookworm    2:21.1.7-3+deb12u5             DSA-5603-1
xorg-server  source  (unstable)  2:21.1.11-1
xwayland     source  (unstable)  2:23.2.4-1

Notes

[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
https://lists.x.org/archives/xorg/2024-January/061525.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3
