Critical severity9.8NVD Advisory· Published Jan 18, 2024· Updated Jun 17, 2026
CVE-2023-6816
CVE-2023-6816
Description
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
72cpe:/a:redhat:enterprise_linux:8::appstream+ 5 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 0:21.1.3-15.el8
- cpe:/a:redhat:enterprise_linux:8::crbrange: 0:1.20.11-22.el8
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:22.1.9-5.el9
- cpe:/a:redhat:enterprise_linux:9::crbrange: 0:1.20.11-24.el9
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7::workstationrange: 0:1.8.0-31.el7_9
cpe:/a:redhat:rhel_e4s:8.2::appstream+ 1 more
- cpe:/a:redhat:rhel_e4s:8.2::appstreamrange: 0:1.9.0-15.el8_2.9
- cpe:/a:redhat:rhel_e4s:8.4::appstreamrange: 0:1.11.0-8.el8_4.8
- Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Supportv5cpe:/a:redhat:rhel_eus:8.6::appstreamRange: 0:1.12.0-6.el8_6.9
- Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Supportv5cpe:/a:redhat:rhel_eus:8.8::appstreamRange: 0:1.12.0-15.el8_8.7
- Red Hat/Red Hat Enterprise Linux 9.0 Extended Update Supportv5cpe:/a:redhat:rhel_eus:9.0::appstreamRange: 0:1.11.0-22.el9_0.8
- Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Supportv5cpe:/a:redhat:rhel_eus:9.2::appstreamRange: 0:1.12.0-14.el9_2.5
- Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONv5cpe:/o:redhat:rhel_els:6Range: 0:1.1.0-25.el6_10.13
- osv-coords58 versionspkg:apk/chainguard/gtfpkg:apk/chainguard/Xnestpkg:apk/chainguard/xorg-serverpkg:apk/chainguard/xorg-server-commonpkg:apk/chainguard/xorg-server-devpkg:apk/chainguard/xorg-server-docpkg:apk/chainguard/Xvfbpkg:apk/chainguard/xvfb-runpkg:apk/wolfi/gtfpkg:apk/wolfi/Xnestpkg:apk/wolfi/xorg-serverpkg:apk/wolfi/xorg-server-commonpkg:apk/wolfi/xorg-server-devpkg:apk/wolfi/xorg-server-docpkg:apk/wolfi/Xvfbpkg:apk/wolfi/xvfb-runpkg:rpm/almalinux/tigervncpkg:rpm/almalinux/tigervnc-iconspkg:rpm/almalinux/tigervnc-licensepkg:rpm/almalinux/tigervnc-selinuxpkg:rpm/almalinux/tigervnc-serverpkg:rpm/almalinux/tigervnc-server-minimalpkg:rpm/almalinux/tigervnc-server-modulepkg:rpm/almalinux/xorg-x11-server-commonpkg:rpm/almalinux/xorg-x11-server-develpkg:rpm/almalinux/xorg-x11-server-sourcepkg:rpm/almalinux/xorg-x11-server-Xdmxpkg:rpm/almalinux/xorg-x11-server-Xephyrpkg:rpm/almalinux/xorg-x11-server-Xnestpkg:rpm/almalinux/xorg-x11-server-Xorgpkg:rpm/almalinux/xorg-x11-server-Xvfbpkg:rpm/almalinux/xorg-x11-server-Xwaylandpkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 21.1.10-r5+ 57 more
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 21.1.10-r5
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.6.alma.1
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 22.1.9-5.el9
- (no CPE)range: < 21.1.4-150500.7.18.1
- (no CPE)range: < 21.1.11-1.1
- (no CPE)range: < 22.1.5-150500.7.14.1
- (no CPE)range: < 23.2.4-1.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 21.1.4-150500.7.18.1
- (no CPE)range: < 21.1.4-150500.7.18.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 1.19.6-10.65.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 1.19.6-10.65.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 1.19.6-10.65.1
- (no CPE)range: < 1.20.3-150200.22.5.88.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 1.20.3-150400.38.40.1
- (no CPE)range: < 22.1.5-150500.7.14.1
Patches
Vulnerability mechanics
References
24- access.redhat.com/errata/RHSA-2024:0320nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2023-6816nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.openwall.com/lists/oss-security/2024/01/18/1nvd
- access.redhat.com/errata/RHSA-2024:0557nvd
- access.redhat.com/errata/RHSA-2024:0558nvd
- access.redhat.com/errata/RHSA-2024:0597nvd
- access.redhat.com/errata/RHSA-2024:0607nvd
- access.redhat.com/errata/RHSA-2024:0614nvd
- access.redhat.com/errata/RHSA-2024:0617nvd
- access.redhat.com/errata/RHSA-2024:0621nvd
- access.redhat.com/errata/RHSA-2024:0626nvd
- access.redhat.com/errata/RHSA-2024:0629nvd
- access.redhat.com/errata/RHSA-2024:2169nvd
- access.redhat.com/errata/RHSA-2024:2170nvd
- access.redhat.com/errata/RHSA-2024:2995nvd
- access.redhat.com/errata/RHSA-2024:2996nvd
- access.redhat.com/errata/RHSA-2025:12751nvd
- lists.debian.org/debian-lts-announce/2024/01/msg00016.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/nvd
- security.gentoo.org/glsa/202401-30nvd
- security.netapp.com/advisory/ntap-20240307-0006/nvd
News mentions
0No linked articles in our index yet.