{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0229", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-01-03T21:53:07.804Z", "datePublished": "2024-02-09T06:29:51.542Z", "dateUpdated": "2024-11-25T09:41:51.424Z"}, "containers": {"cna": {"title": "Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."}], "affected": [{"versions": [{"status": "affected", "version": "21.1.0", "lessThan": "21.1.11", "versionType": "semver"}], "packageName": "xorg-server", "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.4-27.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.8.0-31.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.13.1-2.el8_9.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-22.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:21.1.3-15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-6.el8_6.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-15.el8_8.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.13.1-3.el9_3.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-24.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:22.1.9-5.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-22.el9_0.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-14.el9_2.5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2995", "name": "RHSA-2024:2995", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0229", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name": "RHBZ#2256690", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-01-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-787: Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-01-03T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-25T09:41:51.424Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:16.397Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2995", "name": "RHSA-2024:2995", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0229", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name": "RHBZ#2256690", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-12T16:50:56.761255Z", "id": "CVE-2024-0229", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T14:31:56.224Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2995", "name": "RHSA-2024:2995", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0229", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name": "RHBZ#2256690", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:16.397Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-12T16:50:56.761255Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T14:31:51.579Z"}}], "cna": {"title": "Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access", "credits": [{"lang": "en", "value": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "21.1.0", "lessThan": "21.1.11", "versionType": "semver"}], "packageName": "xorg-server", "collectionURL": "https://gitlab.freedesktop.org/xorg/xserver", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:1.20.4-27.el7_9", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:1.8.0-31.el7_9", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.13.1-2.el8_9.7", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.20.11-22.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:21.1.3-15.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:1.12.0-6.el8_6.9", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:1.12.0-15.el8_8.7", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.13.1-3.el9_3.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.20.11-24.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:22.1.9-5.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:1.11.0-22.el9_0.8", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:1.12.0-14.el9_2.5", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-01-03T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-01-16T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2995", "name": "RHSA-2024:2995", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0229", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690", "name": "RHBZ#2256690", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-25T09:41:51.424Z"}, "x_redhatCweChain": "CWE-787: Out-of-bounds Write"}}, "cveMetadata": {"cveId": "CVE-2024-0229", "state": "PUBLISHED", "dateUpdated": "2024-11-25T09:41:51.424Z", "dateReserved": "2024-01-03T21:53:07.804Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-02-09T06:29:51.542Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "049C23AF-DFA5-4F08-A3E6-BBBF75581F05", "versionEndExcluding": "21.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71", "versionEndExcluding": "23.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7883DE07-470D-4160-9767-4F831B75B9A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C24797C-0397-4D4F-ADC3-3B99095DBB35", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF14A415-15BD-4A6C-87CF-675E09390474", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15D3CC6E-3A8F-4694-B3CC-0DB12A3E9A0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E881C927-DF96-4D2E-9887-FF12E456B1FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de acceso a la memoria fuera de los l\u00edmites en el servidor X.Org. Este problema puede desencadenarse cuando un dispositivo congelado por una captura de sincronizaci\u00f3n se vuelve a conectar a un dispositivo maestro diferente. Este problema puede provocar una falla de la aplicaci\u00f3n, una escalada de privilegios locales (si el servidor se ejecuta con privilegios extendidos) o la ejecuci\u00f3n remota de c\u00f3digo en entornos de reenv\u00edo SSH X11."}], "id": "CVE-2024-0229", "lastModified": "2024-11-23T03:15:07.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-09T07:16:00.107", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0320"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0557"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0558"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0597"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0607"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0614"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0617"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0621"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0626"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0629"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2169"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2170"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2995"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2996"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0229"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:2996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0320", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.20.4-27.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0629", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tigervnc-0:1.8.0-31.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0607", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tigervnc-0:1.13.1-2.el8_9.7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2995", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "xorg-x11-server-0:1.20.11-22.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2996", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "xorg-x11-server-Xwayland-0:21.1.3-15.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0621", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "tigervnc-0:1.12.0-6.el8_6.9", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0597", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "tigervnc-0:1.12.0-15.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0557", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tigervnc-0:1.13.1-3.el9_3.6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2169", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "xorg-x11-server-0:1.20.11-24.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2170", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "xorg-x11-server-Xwayland-0:22.1.9-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:0614", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "tigervnc-0:1.11.0-22.el9_0.8", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0626", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "tigervnc-0:1.12.0-14.el9_2.5", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-31T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access", "id": "2256690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.", "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-0229", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0229\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0229"], "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.", "threat_severity": "Important"}