CVE-2024-9632

EPSS 0.06%
Veröffentlicht 30.10.2024 08:15:04
Zuletzt bearbeitet 04.08.2025 21:15:29
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 23

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver/

≫

Paket xorg-server

Default Statusunaffected

Version < 21.1.14

Version 1.1.1

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:24.1.5-3.el10_0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Default Statusaffected

Version < *

Version 0:1.1.0-25.el6_10.13

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:1.8.0-34.el7_9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.20.11-25.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:21.1.3-17.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.13.1-14.el8_10

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.12

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.11

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.11

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.11

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-6.el8_6.12

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.12.0-6.el8_6.12

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.12.0-6.el8_6.12

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-15.el8_8.11

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.14.1-1.el9_5

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.20.11-28.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.2.7-3.el9_6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.11.0-22.el9_0.12

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-14.el9_2.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.13.1-8.el9_4.4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/errata/RHSA-2024:10090

https://access.redhat.com/errata/RHSA-2024:8798

https://access.redhat.com/errata/RHSA-2024:9540

https://access.redhat.com/errata/RHSA-2024:9579

https://access.redhat.com/errata/RHSA-2024:9601

https://access.redhat.com/errata/RHSA-2024:9690

https://access.redhat.com/errata/RHSA-2024:9816

https://access.redhat.com/errata/RHSA-2024:9818

https://access.redhat.com/errata/RHSA-2024:9819

https://access.redhat.com/errata/RHSA-2024:9820

https://access.redhat.com/errata/RHSA-2024:9901

https://access.redhat.com/security/cve/CVE-2024-9632