Fixed

LIN1023-3357 : Security Advisory - xserver-xorg - CVE-2023-6816

Created: Jan 16, 2024    Updated: Apr 2, 2025
Resolved Date: Mar 24, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.16
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

https://nvd.nist.gov/vuln/detail/CVE-2023-6816
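
The sizing problem described above, modelled as an added example (not code from the X.Org server or from this advisory). All function and variable names are hypothetical and the device data is constructed; it contrasts a mask sized by button count with one sized for every mappable value, using a bounds-checked writer so nothing is written out of range.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGICAL_BUTTON 255  /* highest value a button can be mapped to, per the advisory */

static size_t bits_to_bytes(size_t nbits) { return (nbits + 7) / 8; }

/* Flawed sizing: one bit per button the device has (hypothetical helper). */
size_t mask_len_by_button_count(size_t num_buttons) { return bits_to_bytes(num_buttons); }

/* Corrected sizing: one bit per value a button can be mapped to. */
size_t mask_len_by_mapped_range(void) { return bits_to_bytes(MAX_LOGICAL_BUTTON + 1); }

/* Set one bit per logical button currently down. map[i] is the logical value of
 * physical button i; down[i] is nonzero if it is pressed.
 * Returns 0 on success, -1 if a mapped value falls outside mask[0..mask_len). */
int build_button_mask(uint8_t *mask, size_t mask_len, const uint8_t *map,
                      const uint8_t *down, size_t num_buttons) {
    memset(mask, 0, mask_len);
    for (size_t i = 0; i < num_buttons; i++) {
        if (!down[i]) continue;
        size_t bit = map[i];
        if (bit / 8 >= mask_len) return -1;  /* an undersized mask cannot hold this bit */
        mask[bit / 8] |= (uint8_t)(1u << (bit % 8));
    }
    return 0;
}

/* Constructed sample: 5-button device, physical button 0 mapped to logical 200. */
static const uint8_t MAP[5] = {200, 2, 3, 4, 5};
static const uint8_t DOWN[5] = {1, 0, 0, 0, 0};

int demo_undersized(void) {
    uint8_t mask[32];
    return build_button_mask(mask, mask_len_by_button_count(5), MAP, DOWN, 5);
}

int demo_full_range(void) {
    uint8_t mask[32];
    if (build_button_mask(mask, mask_len_by_mapped_range(), MAP, DOWN, 5) != 0) return -1;
    return (mask[200 / 8] >> (200 % 8)) & 1;  /* 1 if bit 200 was recorded */
}

int main(void) {
    printf("undersized: %d, full range: %d\n", demo_undersized(), demo_full_range());
    return 0;
}
```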
