CVE-2024-0229
Published Feb 9, 2024
Last updated a month ago
Overview
- Description
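- An out-of-bounds memory access flaw was found in the X.Org server. It can be triggered when a device frozen by a sync grab is reattached to a different master device. The flaw may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. Per the configuration data below, X.Org Server versions before 21.1.11 and Xwayland versions before 23.2.4 are affected. The CVSS 3.1 vector listed below scores the attack vector as local (AV:L), so the base score does not appear to rate the SSH X11 forwarding case as a network attack; that exposure should be assessed separately where X11 forwarding is in use.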
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "049C23AF-DFA5-4F08-A3E6-BBBF75581F05", "versionEndExcluding": "21.1.11" }, { "criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71", "versionEndExcluding": "23.2.4" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7883DE07-470D-4160-9767-4F831B75B9A8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C24797C-0397-4D4F-ADC3-3B99095DBB35" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF14A415-15BD-4A6C-87CF-675E09390474" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E881C927-DF96-4D2E-9887-FF12E456B1FB" } ], "operator": "OR" } ] } ]