CVE-2024-21885

EPSS 0.24%
Published 28.02.2024 13:15:08
Last modified 04.08.2025 21:15:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Package xorg-server

Version < 21.1.11

Version 0

Status affected

Version < *

Version 21.1.11

Status unaffected

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Package xwayland

Version < 23.2.4

Version 0

Status affected

Version < *

Version 23.2.4

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Default Statusaffected

Version < *

Version 0:1.1.0-25.el6_10.13

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:1.20.4-27.el7_9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:1.8.0-31.el7_9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.13.1-2.el8_9.7

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.20.11-22.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:21.1.3-15.el8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-6.el8_6.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-15.el8_8.7

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.13.1-3.el9_3.6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.20.11-24.el9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.1.9-5.el9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.0 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.11.0-22.el9_0.8

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-14.el9_2.5

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.464

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2024:0320

https://access.redhat.com/errata/RHSA-2024:0557

https://access.redhat.com/errata/RHSA-2024:0558

https://access.redhat.com/errata/RHSA-2024:0597

https://access.redhat.com/errata/RHSA-2024:0607

https://access.redhat.com/errata/RHSA-2024:0614

https://access.redhat.com/errata/RHSA-2024:0617

https://access.redhat.com/errata/RHSA-2024:0621