Heap Buffer Overflow Vulnerability in X.Org Server
CVE-2024-21885

7.8HIGH

Key Information:

Status
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
28 February 2024

What is CVE-2024-21885?

A flaw has been identified in the X.Org Server affecting the XISendDeviceHierarchyEvent function, which handles new device IDs. This flaw allows for the potential exceeding of allocated array lengths within the xXIHierarchyInfo struct, leading to a heap buffer overflow condition. Such overflow can result in critical issues like application crashes or the execution of arbitrary code within SSH X11 forwarding environments, posing significant security risks to affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:0320
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0557
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0558
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
JSON
.