CVE-2024-21886: Xorg-x11-server: heap buffer overflow in disabledevice
First published: Tue Jan 02 2024(Updated: )
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/xorg-server | <21.1.11 | 21.1.11 |
| redhat/xwayland | <23.2.4 | 23.2.4 |
| debian/xorg-server | 2:1.20.11-1+deb11u13 2:1.20.11-1+deb11u14 2:21.1.7-3+deb12u8 2:21.1.14-2 | |
| debian/xwayland | <=2:22.1.9-1 | 2:24.1.4-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:0320
- https://access.redhat.com/errata/RHSA-2024:0557
- https://access.redhat.com/errata/RHSA-2024:0558
- https://access.redhat.com/errata/RHSA-2024:0597
- https://access.redhat.com/errata/RHSA-2024:0607
- https://access.redhat.com/errata/RHSA-2024:0614
- https://access.redhat.com/errata/RHSA-2024:0617
- https://access.redhat.com/errata/RHSA-2024:0621
- https://access.redhat.com/errata/RHSA-2024:0626
- https://access.redhat.com/errata/RHSA-2024:0629
- https://access.redhat.com/errata/RHSA-2024:2169
- https://access.redhat.com/errata/RHSA-2024:2170
- https://access.redhat.com/errata/RHSA-2024:2995
- https://access.redhat.com/errata/RHSA-2024:2996
- https://access.redhat.com/security/cve/CVE-2024-21886
- https://bugzilla.redhat.com/show_bug.cgi?id=2256542
- https://gitlab.freedesktop.org/xorg/xserver/-/blob/8cce7f5d64d4f1027801892631b65b2c859cc559/dix/devices.c#L449
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258935
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258934
- https://launchpad.net/bugs/cve/CVE-2024-21886
- https://lists.x.org/archives/xorg/2024-January/061525.html
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/bc1fdbe46559dd947674375946bbef54dd0ce36b
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8
- https://gitlab.freedesktop.org/xorg/xserver/-/issues/1623
- https://security-tracker.debian.org/tracker/CVE-2024-21886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21886
- https://nvd.nist.gov/vuln/detail/CVE-2024-21886
- https://ubuntu.com/security/CVE-2024-21886
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/severity
- agent/author
- collector/nvd-api
- source/NVD
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-21886
- agent/software-canonical-lookup
- collector/launchpad-cve
- source/Launchpad
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- package-manager/debian