Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x3p6-a59z-ebf3
Vulnerability ID VCID-x3p6-a59z-ebf3
Aliases CVE-2023-6478
Summary Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 7.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6478.json
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
epss 0.01208 https://api.first.org/data/v1/epss?cve=CVE-2023-6478
cvssv3.1 7.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6478.json
https://api.first.org/data/v1/epss?cve=CVE-2023-6478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6478
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2253298 https://bugzilla.redhat.com/show_bug.cgi?id=2253298
GLSA-202401-30 https://security.gentoo.org/glsa/202401-30
RHSA-2023:7886 https://access.redhat.com/errata/RHSA-2023:7886
RHSA-2024:0006 https://access.redhat.com/errata/RHSA-2024:0006
RHSA-2024:0009 https://access.redhat.com/errata/RHSA-2024:0009
RHSA-2024:0010 https://access.redhat.com/errata/RHSA-2024:0010
RHSA-2024:0014 https://access.redhat.com/errata/RHSA-2024:0014
RHSA-2024:0015 https://access.redhat.com/errata/RHSA-2024:0015
RHSA-2024:0016 https://access.redhat.com/errata/RHSA-2024:0016
RHSA-2024:0017 https://access.redhat.com/errata/RHSA-2024:0017
RHSA-2024:0018 https://access.redhat.com/errata/RHSA-2024:0018
RHSA-2024:0020 https://access.redhat.com/errata/RHSA-2024:0020
RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2169
RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2170
RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2995
RHSA-2024:2996 https://access.redhat.com/errata/RHSA-2024:2996
RHSA-2025:12751 https://access.redhat.com/errata/RHSA-2025:12751
USN-6555-1 https://usn.ubuntu.com/6555-1/
USN-6555-2 https://usn.ubuntu.com/6555-2/
USN-6587-5 https://usn.ubuntu.com/6587-5/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6478.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.7893
EPSS Score 0.01208
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:25.591787+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202401-30 38.0.0