Heap Buffer Overflow Flaw in X.Org Server Could Lead to Application Crash or Remote Code Execution
CVE-2024-21886

Currently unrated

Key Information:

Vendor: Red Hat
Status: Xorg-server; Xwayland; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 28 February 2024

What is CVE-2024-21886?

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.20.4-27.el7_9

Red Hat Enterprise Linux 7 0:1.8.0-31.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.7

References

https://access.redhat.com/errata/RHSA-2024:0320

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0557

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0558

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Jan 2, 2024

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.