CVE-2024-0229

HIGH

X.org X Server < 21.1.11 - Out-of-Bounds Write

Description

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

Scores

CVSS v3 7.8
EPSS 0.0032
EPSS Percentile 54.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-787
Status published

Affected Products (16)

x.org/x_server < 21.1.11
x.org/xwayland < 23.2.4
fedoraproject/fedora
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux_aus
redhat/enterprise_linux_aus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_tus
redhat/enterprise_linux_tus
redhat/enterprise_linux_update_services_for_sap_solutions
... and 1 more

Timeline

Published Feb 09, 2024
Tracked Since Feb 18, 2026