Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
CVE-2024-31081

7.3HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor
CVE Published:
4 April 2024

Summary

A heap-based buffer over-read vulnerability exists in the X.org server's ProcXIPassiveGrabDevice() function. This vulnerability arises when byte-swapped length values are utilized in replies, which can create memory leakage scenarios and lead to segmentation faults. Specifically, this issue may be triggered by clients operating with differing endianness, allowing an attacker to exploit the X server's ability to read heap memory values and subsequently transmit them back to the client, potentially leading to a crash when an unmapped page is accessed. Although the attacker cannot dictate the precise memory content copied into the replies, small length values, typically represented as 32-bit integers, can prompt significant out-of-bounds read attempts.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.20.4-29.el7_9

Red Hat Enterprise Linux 7 0:1.8.0-33.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.10

References

https://access.redhat.com/errata/RHSA-2024:1785
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2036
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2037
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database
.