Xorg-x11-server: use-after-free in procrenderaddglyphs
CVE-2024-31083

7.8HIGH

Key Information:

Status
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
5 April 2024

What is CVE-2024-31083?

A vulnerability has been identified in the ProcRenderAddGlyphs() function of Xorg servers, which stems from improper handling of glyphs during message processing. When AllocateGlyph() is invoked to manage new glyphs sent from clients to the X server, it results in multiple pointers pointing to non-refcounted glyphs. This mismanagement can lead to scenarios where ProcRenderAddGlyphs() unintentionally frees a glyph still in use, causing a potential use-after-free condition. An authenticated user may exploit this flaw by crafting specific requests, thereby enabling them to execute arbitrary code on affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:1785
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2036
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2037
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.