CVE-2024-0229 - Vulnerability Details

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Tus Enterprise Linux Update Services For Sap Solutions Rhel Aus Rhel E4s Rhel Eus Rhel Tus
X.org	X Server Xwayland

Configuration 1 [-]

OR	cpe:2.3:a:x.org:x_server::::::::
	cpe:2.3:a:x.org:xwayland::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
xorg-x11-server-0:1.20.4-27.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:0320	2024-01-22T00:00:00Z
tigervnc-0:1.8.0-31.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:0629	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-2.el8_9.7	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0607	2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-22.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2995	2024-05-22T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-15.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2996	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
tigervnc-0:1.12.0-6.el8_6.9	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0621	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0597	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.13.1-3.el9_3.6	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0557	2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-24.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2169	2024-04-30T00:00:00Z
xorg-x11-server-Xwayland-0:22.1.9-5.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2170	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
tigervnc-0:1.11.0-22.el9_0.8	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:0614	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.5	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:0626	2024-01-31T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0320
https://access.redhat.com/errata/RHSA-2024:0557
https://access.redhat.com/errata/RHSA-2024:0558
https://access.redhat.com/errata/RHSA-2024:0597
https://access.redhat.com/errata/RHSA-2024:0607
https://access.redhat.com/errata/RHSA-2024:0614
https://access.redhat.com/errata/RHSA-2024:0617
https://access.redhat.com/errata/RHSA-2024:0621
https://access.redhat.com/errata/RHSA-2024:0626
https://access.redhat.com/errata/RHSA-2024:0629
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/security/cve/CVE-2024-0229
https://bugzilla.redhat.com/show_bug.cgi?id=2256690
https://nvd.nist.gov/vuln/detail/CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-0229

History

Sat, 23 Nov 2024 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-788

Tue, 29 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Redhat enterprise Linux Aus Redhat enterprise Linux Eus Redhat enterprise Linux Tus Redhat enterprise Linux Update Services For Sap Solutions X.org X.org x Server X.org xwayland
Weaknesses		CWE-787
CPEs		cpe:2.3:a:x.org:x_server:::::::: cpe:2.3:a:x.org:xwayland:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Redhat enterprise Linux Aus Redhat enterprise Linux Eus Redhat enterprise Linux Tus Redhat enterprise Linux Update Services For Sap Solutions X.org X.org x Server X.org xwayland

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-09T06:29:51.542Z

Updated: 2024-11-25T09:41:51.424Z

Reserved: 2024-01-03T21:53:07.804Z

Link: CVE-2024-0229

Vulnrichment

Updated: 2024-08-01T17:41:16.397Z

NVD

Status : Modified

Published: 2024-02-09T07:16:00.107

Modified: 2024-11-23T03:15:07.287

Link: CVE-2024-0229

Redhat

Severity : Important

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2024-0229 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object