CVE-2023-6816

9.8 CRITICAL

📋 TL;DR

A heap buffer overflow in the X.Org server. Both DeviceFocusEvent and the XI2 XIQueryPointer reply carry one bit for each logical button currently held down, but the server sized that bitmask for the device's physical button count while allowing a button to be remapped to any logical number up to 255. A client that remaps a button to a high number and presses it makes the server write past the end of the heap allocation. Because the X server commonly runs as root, the outcome ranges from a crash of the whole graphical session to arbitrary code execution as root. Affects the X.Org X Server and Xwayland.
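The sizing mistake worked through in shell, added here as an example and not X.Org server code: a bitmask sized for a five-button device is one byte, a client can map a button to logical number 255, and pressing it sets bit 255, which lands 31 bytes past the end of the allocation; sizing the mask for all 256 logical buttons removes the overflow. The five-button device, the sample mapping and the function names are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (not X.Org server code): models the sizing mistake behind
# CVE-2023-6816 with the arithmetic a per-button bitmask needs. The 5-button
# sample device, the sample mapping and all names are assumptions.

# Bytes needed to hold one bit per button 0..n-1.
bits_to_bytes() {
    echo $(( ($1 + 7) / 8 ))
}

# Vulnerable sizing: the mask only covers the device's physical buttons.
mask_len_vulnerable() {
    bits_to_bytes "$1"
}

# Fixed sizing: the mask covers every logical button a mapping can produce (0..255).
mask_len_fixed() {
    bits_to_bytes 256
}

# Given a space-separated button map as a client could submit it, print the
# highest logical button number it contains (mapping values are 8-bit).
max_mapped_button() {
    max=0
    for b in "$@"; do
        [ "$b" -gt "$max" ] && max=$b
    done
    echo "$max"
}

# Bytes written past the end of a mask of $1 bytes when bit $2 is set
# (0 means the write stays in bounds).
overflow_bytes() {
    idx=$(( $2 / 8 ))
    if [ "$idx" -lt "$1" ]; then
        echo 0
    else
        echo $(( idx - $1 + 1 ))
    fi
}

# Report for the sample device: 5 physical buttons, button 3 remapped to 255.
report() {
    phys=5
    map="1 2 255 4 5"
    top=$(max_mapped_button $map)
    vuln=$(mask_len_vulnerable "$phys")
    fixed=$(mask_len_fixed)
    echo "mapping: $map (highest logical button $top)"
    echo "vulnerable mask: $vuln byte(s); pressing button $top overflows by $(overflow_bytes "$vuln" "$top") byte(s)"
    echo "fixed mask: $fixed bytes; pressing button $top overflows by $(overflow_bytes "$fixed" "$top") byte(s)"
}
report
```

The point of the model is that the attacker controls the bit index through the mapping request, not through the hardware, so the allocation must be sized for the protocol's maximum rather than for the device.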

💻 Affected Systems

Products:
  • X.Org X Server
Versions: Upstream xorg-server before 21.1.11 and Xwayland before 23.2.4; for distribution packages use the versions named in the vendor advisory, since the fix is backported without changing the upstream version string
Operating Systems: Linux distributions (and other systems) running the X.Org server or Xwayland
Default Config Vulnerable: ⚠️ Yes
Notes: The bug is reached by remapping a button to a high logical number, which any client the server accepts can do with an ordinary protocol request; no non-default server configuration is needed

📦 What is this software?

The X.Org X Server is the reference implementation of the X Window System display server used on Linux and BSD desktops. Xwayland is the same code base run as an X server inside a Wayland session, so it shares this bug.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution inside the X server process. Where the server runs as root (the traditional setup; many distributions now run it rootless) that is complete system compromise.

🟠

Likely Case

Crash of the display server, which ends every application in that graphical session (denial of service), or local privilege escalation when an unprivileged user can connect to an X server running as root.

🟢

If Mitigated

If the server runs rootless and accepts connections only from the logged-in user's own session, exploitation yields at most that user's privileges or a crash of that user's session.

🌐 Internet-Facing: MEDIUM - The X server does not listen on TCP by default (modern builds start with -nolisten tcp), but a server started with -listen tcp, or one reached through SSH X11 forwarding or another remote X setup, accepts protocol from whatever client gets through
🏢 Internal Only: HIGH - Any local user or process that can open the display socket with a valid authorization cookie (or is allowed by xhost) can send the triggering requests

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to send X11 requests to the server: a local connection to the display socket with a valid authorization cookie, or a remote connection the server is configured to accept. No privilege beyond being an accepted X client is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Upstream xorg-server 21.1.11 and Xwayland 23.2.4; for distribution packages use the versions named in the vendor advisory, since the fix is backported

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:0320

Restart Required: Yes

Instructions:

1. Update the X server packages (X.Org server and Xwayland, where installed) with the system package manager
2. On Red Hat systems apply the security errata listed in the vendor advisory
3. Restart the X server (log out of the graphical session and back in, or reboot); a running server keeps the old code in memory until it is restarted, and Xwayland instances restart with their Wayland session

🔧 Temporary Workarounds

Reset the button mapping (a check, not a protection)

Resetting a device's button map to its standard values does not stop an attacker: the mapping is changed by an ordinary client request, and any client the server accepts can change it again. Use this only to inspect or restore the current mapping; the real mitigation is limiting which clients can connect (see below).

xinput set-button-map [device] [standard_mapping]

🧯 If You Can't Patch

  • Restrict X server access to trusted users only: keep access control on (per-user MIT-MAGIC-COOKIE-1 via xauth), never disable it with xhost +, and do not start the server with -listen tcp
  • Run the X server rootless where the distribution supports it, so a successful exploit lands in the user's session rather than in root
  • Implement network segmentation: block TCP 6000-6063 (X11 displays) at the host firewall and network boundary so remote X traffic can only arrive through SSH forwarding

🔍 How to Verify

Check if Vulnerable:

Compare the installed X.Org server (and Xwayland) package version with the fixed version in your distribution's advisory. Upstream, 21.1.11 and 23.2.4 contain the fix; distribution packages that backport it keep an older upstream version string, so on those systems the version alone is not conclusive and the advisory ID or package changelog is the authoritative check.

Check Version:

Xorg -version

Verify Fix Applied:

Confirm the installed package version matches the patched version in the vendor advisory, and that the X server has been restarted since the update (compare the start time of the running Xorg or Xwayland process with the package install time).
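A version check, added here as an example and not taken from the advisory: it compares an X.Org version string against the upstream fixed releases (xorg-server 21.1.11, Xwayland 23.2.4) using version-number ordering, and on RPM-based systems looks for the CVE id in the package changelog, because enterprise distributions backport the fix without changing the upstream version string. The package name xorg-x11-server-Xorg is the Red Hat name and GNU sort -V is assumed.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumes the upstream fixed releases
# xorg-server 21.1.11 and xwayland 23.2.4. Distribution packages usually
# backport the fix without bumping the upstream version string, so on RPM
# systems the package changelog is searched for the CVE id as well.
# Requires GNU sort (for -V).

FIXED_XORG="21.1.11"
FIXED_XWAYLAND="23.2.4"

# Succeeds when version $1 is >= version $2 under version-number ordering
# (21.1.9 < 21.1.11, which a plain string comparison gets wrong).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Pulls the version number out of `Xorg -version` output on stdin,
# e.g. "X.Org X Server 21.1.10" -> "21.1.10".
parse_xorg_version() {
    sed -n 's/^X\.Org X Server \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

xorg_fixed_upstream()     { version_at_least "$1" "$FIXED_XORG"; }
xwayland_fixed_upstream() { version_at_least "$1" "$FIXED_XWAYLAND"; }

# Live check on the local host; silently skips tools that are not installed.
check_host() {
    if command -v Xorg >/dev/null 2>&1; then
        # Xorg prints its version banner on stderr.
        v=$(Xorg -version 2>&1 | parse_xorg_version)
        if [ -n "$v" ] && xorg_fixed_upstream "$v"; then
            echo "Xorg $v: at or above upstream fix $FIXED_XORG"
        else
            echo "Xorg ${v:-unknown}: below upstream fix; check the distro advisory or changelog"
        fi
    fi
    # RPM-based distributions name the backported fix in the changelog
    # (Red Hat package name assumed).
    if command -v rpm >/dev/null 2>&1; then
        if rpm -q --changelog xorg-x11-server-Xorg 2>/dev/null | grep -q 'CVE-2023-6816'; then
            echo "xorg-x11-server-Xorg changelog mentions CVE-2023-6816: fix backported"
        fi
    fi
}
check_host
```

On Debian-derived systems the equivalent check is the changelog of xserver-xorg-core; the upstream version comparison is only meaningful for self-built or rolling-release servers.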

📡 Detection & Monitoring

Log Indicators:

  • X server crashes: lines containing (EE) Backtrace:, (EE) Segmentation fault at address, Fatal server error or Caught signal 11 in Xorg.0.log or the journal
  • Kernel segfault messages for the Xorg or Xwayland process in dmesg or the journal
  • Graphical sessions ending with no recorded reason; note that an exploit that succeeds without crashing the server leaves none of these

Network Indicators:

  • X11 connections from unexpected hosts to TCP 6000-6063, or any X11 TCP listener at all on hosts where none is expected

SIEM Query:

(process="Xorg" OR process="Xwayland") AND ("Segmentation fault" OR "Backtrace:" OR "Fatal server error" OR "segfault at")

The field names above are Splunk-style placeholders; map process and message to your SIEM's schema.
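Detection logic run over constructed sample log lines, added as an example and not part of the page: the patterns are the crash markers the X server writes to its log ((EE) Backtrace:, Segmentation fault at address, Fatal server error, Caught signal) plus the kernel's segfault line for an Xorg or Xwayland process. The sample lines are constructed for the example; an exploit that does not crash the server produces none of them.

```shell
#!/bin/sh
# Added example, not from the advisory. Scans X server log lines (Xorg.0.log
# or journal output) on stdin for crash signatures. The sample log below is
# constructed for this example.

# Prints the input lines that indicate an X server crash.
xorg_crash_lines() {
    grep -E '\(EE\) (Backtrace:|Segmentation fault at address|Caught signal)|^Fatal server error:|(Xorg|Xwayland)\[[0-9]+\]: segfault at'
}

# Counts crash indicators on stdin (prints 0 when there are none).
xorg_crash_count() {
    xorg_crash_lines | wc -l | tr -d ' '
}

# Constructed sample: a normal input-device line, a server crash as Xorg
# writes it, and the kernel's matching segfault message from the journal.
SAMPLE_LOG='[  1234.567] (II) event5  - Logitech USB Mouse: device is a pointer
[  1234.890] (EE)
[  1234.890] (EE) Backtrace:
[  1234.891] (EE) 0: /usr/lib/xorg/Xorg (OsLookupColor+0x139) [0x55d0c0d3a9a9]
[  1234.892] (EE) Segmentation fault at address 0x0
[  1234.893] (EE)
Fatal server error:
[  1234.893] (EE) Caught signal 11 (Segmentation fault). Server aborting
Jan 17 10:02:11 host kernel: Xorg[1337]: segfault at 0 ip 00007f1a2b3c4d5e sp 00007ffd1e2f3a40 error 4 in Xorg[55d0c0c00000+200000]'

# Run the scan over the sample and report how many indicators it found.
n=$(printf '%s\n' "$SAMPLE_LOG" | xorg_crash_count)
echo "crash indicators in sample: $n"
printf '%s\n' "$SAMPLE_LOG" | xorg_crash_lines
```

In production, feed the function the journal for the display manager or the per-display Xorg log, and alert on any non-zero count; one crash per session is unusual enough to be worth a look, and repeated crashes on one host from the same client are the pattern to escalate.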
