Description
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
References (22)
Core 22
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240503-0004/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2996
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:12751
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-21885
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2256540
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0320
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0557
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0558
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0597
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0607
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0614
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0617
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0621
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0626
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0629
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2169
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2170
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2995
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
46.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
Status
published
Products (20)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
0:1.1.0-25.el6_10.13
Red Hat/Red Hat Enterprise Linux 7
0:1.20.4-27.el7_9
Red Hat/Red Hat Enterprise Linux 7
0:1.8.0-31.el7_9
Red Hat/Red Hat Enterprise Linux 8
0:1.13.1-2.el8_9.7
Red Hat/Red Hat Enterprise Linux 8
0:1.20.11-22.el8
Red Hat/Red Hat Enterprise Linux 8
0:21.1.3-15.el8
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:1.9.0-15.el8_2.9
Red Hat/Red Hat Enterprise Linux 8.2 Telecommunications Update Service
0:1.9.0-15.el8_2.9
Red Hat/Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
0:1.9.0-15.el8_2.9
... and 10 more
Published
Feb 28, 2024
Tracked Since
Feb 18, 2026