CVE-2024-0229
Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
Se encontró una falla de acceso a la memoria fuera de los límites en el servidor X.Org. Este problema puede desencadenarse cuando un dispositivo congelado por una captura de sincronización se vuelve a conectar a un dispositivo maestro diferente. Este problema puede provocar una falla de la aplicación, una escalada de privilegios locales (si el servidor se ejecuta con privilegios extendidos) o la ejecución remota de código en entornos de reenvío SSH X11.
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DeliverStateNotifyEvent function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-03 CVE Reserved
- 2024-01-17 CVE Published
- 2024-05-01 EPSS Updated
- 2024-10-18 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-788: Access of Memory Location After End of Buffer
CAPEC
References (16)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0320 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0557 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0558 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0597 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0607 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0614 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0617 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0621 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0626 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:0629 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:2169 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:2170 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:2995 | 2024-05-22 | |
https://access.redhat.com/errata/RHSA-2024:2996 | 2024-05-22 | |
https://access.redhat.com/security/cve/CVE-2024-0229 | 2024-05-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2256690 | 2024-05-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
- | - | - | - | - |