Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
CVE-2024-31080

7.3HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor
CVE Published:
4 April 2024

Summary

A vulnerability exists within the X.org server's ProcXIGetSelectedEvents() function due to a heap-based buffer over-read caused by improper handling of byte-swapped length values in replies. This issue can lead to unintended memory leakage and potential segmentation faults, especially when a malicious client with a different endianness triggers the condition. Although attackers cannot control the exact memory content being read, they can exploit this flaw to initiate out-of-bounds reads, causing the X server to access and potentially transmit sensitive heap memory values back to the client. This scenario may ultimately lead to a crash due to accessing unmapped memory pages.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.20.4-29.el7_9

Red Hat Enterprise Linux 7 0:1.8.0-33.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.10

References

https://access.redhat.com/errata/RHSA-2024:1785
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2036
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2037
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.