CVE-2024-21886

HIGH

X.Org Server - Buffer Overflow

Title source: llm

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

References (22)

Core 22

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/TZ2IJJDHJETNE76VUX4G7UI5EG5HYFEH/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0320

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0557

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0558

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0597

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0607

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0614

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2256542

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0617

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0621

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0626

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:0629

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2169

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2170

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2995

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2996

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12751

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-21886

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 46.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (20)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.13

Red Hat/Red Hat Enterprise Linux 7 0:1.20.4-27.el7_9

Red Hat/Red Hat Enterprise Linux 7 0:1.8.0-31.el7_9

Red Hat/Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.7

Red Hat/Red Hat Enterprise Linux 8 0:1.20.11-22.el8

Red Hat/Red Hat Enterprise Linux 8 0:21.1.3-15.el8

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:1.9.0-15.el8_2.9

Red Hat/Red Hat Enterprise Linux 8.2 Telecommunications Update Service 0:1.9.0-15.el8_2.9

Red Hat/Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions 0:1.9.0-15.el8_2.9

... and 10 more

Published Feb 28, 2024

Tracked Since Feb 18, 2026