X.Org Server Vulnerability Could Lead to Application Crash, Privilege Escalation, or Remote Code Execution
CVE-2024-0229

7.8HIGH

Key Information:

Vendor: Red Hat
Status: xorg-server; xwayland; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 9 February 2024

Summary

The vulnerability arises from an out-of-bounds memory access flaw present in the X.Org server, a software that handles graphical displays in Unix-like operating systems. This flaw is triggered when a device that has been 'frozen' by a sync grab is subsequently reattached to a new master device, creating a condition where improper memory access can occur. Exploitation of this vulnerability may lead to application crashes, and in scenarios where the server operates with elevated privileges, it could enable local privilege escalation. Additionally, in environments that utilize SSH X11 forwarding, this defect poses a risk of remote code execution, presenting significant security challenges for users relying on this system.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.20.4-27.el7_9

Red Hat Enterprise Linux 7 0:1.8.0-31.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.7

References

https://access.redhat.com/errata/RHSA-2024:0320

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0557

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0558

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2024
Vulnerability Reserved
Jan 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.