FKIE_CVE-2024-21885

Vulnerability from fkie_nvd - Published: 2024-02-28 13:15 - Updated: 2025-11-04 19:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0557
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0558
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0597
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0607
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0614
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0617
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0621
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0626
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0629
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2996
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:12751
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-21885
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2256540
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0320
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0557
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0558
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0597
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0607
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0614
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0617
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0621
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0626
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0629
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2169
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2170
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2995
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2996
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2024-21885
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2256540
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240503-0004/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en el servidor X.Org. En la funci\u00f3n XISendDeviceHierarchyEvent, es posible exceder la longitud de la matriz asignada cuando se agregan ciertos ID de dispositivo nuevos a la estructura xXIHierarchyInfo. Esto puede desencadenar una condici\u00f3n de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, lo que puede provocar un bloqueo de la aplicaci\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo en entornos de reenv\u00edo SSH X11."
    }
  ],
  "id": "CVE-2024-21885",
  "lastModified": "2025-11-04T19:16:31.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-28T13:15:08.197",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0557"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0614"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0617"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0621"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0626"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0629"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2170"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2995"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2996"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:12751"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21885"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240503-0004/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.