CVE-2024-0229 — Out-of-bounds Write in X Server

CWE-787 — Out-of-bounds Write CWE-788 — Access of Memory Location After End of Buffer16 documents9 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 44.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org Xwayland X.org X Server +6 more

Timeline

PublishedFeb 9

Latest updateMar 13

Description

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDx.org/x_server< 21.1.11

▶Debianx.org/xorg-server< 2:1.20.11-1+deb11u11+3

▶NVDx.org/xwayland< 23.2.4

▶Debianx.org/xwayland< 2:23.2.4-1+1

▶NVDredhat/enterprise_linux_update_services8.2, 8.4+1

Also affects: Fedora 39, Enterprise Linux 7.0, 8.0, 9.0, 8.2, 8.4, 8.6, 8.8, 9.2

🔴Vulnerability Details

CVEList

Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access↗2024-02-09

▶

OSV

CVE-2024-0229: An out-of-bounds memory access flaw was found in the X↗2024-02-09

▶

GHSA

GHSA-49wx-9h9f-8c9g: An out-of-bounds memory access flaw was found in the X↗2024-02-09

▶

OSV

xorg-server, xwayland regression↗2024-02-01

▶

OSV

xorg-server, xwayland regression↗2024-01-30

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2024-03-13

▶

Microsoft

Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access↗2024-02-13

▶

Ubuntu

X.Org X Server vulnerabilities↗2024-01-22

▶

BSD

OpenBSD 7.3 Errata 025: SECURITY FIX↗2024-01-16

▶

Ubuntu

X.Org X Server vulnerabilities↗2024-01-16

▶