What is the severity of CVE-2024-21885?

CVE-2024-21885 is classified as a high severity vulnerability due to the potential for a heap buffer overflow.

How do I fix CVE-2024-21885?

To remediate CVE-2024-21885, update the X.Org server to version 21.1.11 or the Xwayland to version 23.2.4, or apply the specified patches from your Linux distribution.

What impact does CVE-2024-21885 have on my system?

CVE-2024-21885 can lead to application crashes or arbitrary code execution due to a heap buffer overflow caused by adding certain new device IDs.

Which software versions are affected by CVE-2024-21885?

CVE-2024-21885 affects specific versions of the X.Org server and Xwayland, particularly those before the fixed versions of 21.1.11 and 23.2.4 respectively.

Is there a known exploit for CVE-2024-21885?

As of now, there are no publicly available exploits specifically targeting CVE-2024-21885, but the vulnerability itself poses significant risk.

Vulnerability/
CVE-2024-21885

high

7.8

CWE

119 122 120

2/1/2024

28/2/2024

22/4/2025

CVE-2024-21885: Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

First published: Tue Jan 02 2024(Updated: )

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/xorg-server	<21.1.11	21.1.11
redhat/xwayland	<23.2.4	23.2.4
debian/xorg-server		2:1.20.11-1+deb11u13 2:1.20.11-1+deb11u15 2:21.1.7-3+deb12u9 2:21.1.16-1
debian/xwayland	<=2:22.1.9-1	2:24.1.6-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-21885?
CVE-2024-21885 is classified as a high severity vulnerability due to the potential for a heap buffer overflow.
How do I fix CVE-2024-21885?
To remediate CVE-2024-21885, update the X.Org server to version 21.1.11 or the Xwayland to version 23.2.4, or apply the specified patches from your Linux distribution.
What impact does CVE-2024-21885 have on my system?
CVE-2024-21885 can lead to application crashes or arbitrary code execution due to a heap buffer overflow caused by adding certain new device IDs.
Which software versions are affected by CVE-2024-21885?
CVE-2024-21885 affects specific versions of the X.Org server and Xwayland, particularly those before the fixed versions of 21.1.11 and 23.2.4 respectively.
Is there a known exploit for CVE-2024-21885?
As of now, there are no publicly available exploits specifically targeting CVE-2024-21885, but the vulnerability itself poses significant risk.

agent/type
agent/first-publish-date
agent/title
agent/severity
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-21885
agent/software-canonical-lookup
collector/launchpad-cve
source/Launchpad
agent/weakness
collector/nvd-api
source/NVD
collector/usn-cve
source/Ubuntu
agent/references
agent/description
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-cve
agent/trending
agent/softwarecombine
agent/source
agent/tags
collector/security-tracker-debian
source/Debian
package-manager/redhat
package-manager/debian