An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Redhat
  • Enterprise Linux
  • Enterprise Linux Aus
  • Enterprise Linux Eus
  • Enterprise Linux Tus
  • Enterprise Linux Update Services For Sap Solutions
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
X.org
  • X Server
  • Xwayland

Configuration 1 [-]

OR cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
xorg-x11-server-0:1.20.4-27.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2024:0320 2024-01-22T00:00:00Z
tigervnc-0:1.8.0-31.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2024:0629 2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-2.el8_9.7 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:0607 2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-22.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2995 2024-05-22T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-15.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2996 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.9 cpe:/a:redhat:rhel_aus:8.2 RHSA-2024:0617 2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
tigervnc-0:1.9.0-15.el8_2.9 cpe:/a:redhat:rhel_tus:8.2 RHSA-2024:0617 2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
tigervnc-0:1.9.0-15.el8_2.9 cpe:/a:redhat:rhel_e4s:8.2 RHSA-2024:0617 2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.8 cpe:/a:redhat:rhel_aus:8.4 RHSA-2024:0558 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.8 cpe:/a:redhat:rhel_tus:8.4 RHSA-2024:0558 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.8 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2024:0558 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
tigervnc-0:1.12.0-6.el8_6.9 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:0621 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.7 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:0597 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.13.1-3.el9_3.6 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:0557 2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-24.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2169 2024-04-30T00:00:00Z
xorg-x11-server-Xwayland-0:22.1.9-5.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2170 2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
tigervnc-0:1.11.0-22.el9_0.8 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:0614 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.5 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:0626 2024-01-31T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:0320 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0557 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0558 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0597 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0607 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0614 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0617 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0621 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0626 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0629 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2169 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2170 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2995 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2996 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-0229 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2256690 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-0229 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-0229 cve-icon
History

Tue, 29 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 18 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux Aus
Redhat enterprise Linux Eus
Redhat enterprise Linux Tus
Redhat enterprise Linux Update Services For Sap Solutions
X.org
X.org x Server
X.org xwayland
Weaknesses CWE-787
CPEs cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux Aus
Redhat enterprise Linux Eus
Redhat enterprise Linux Tus
Redhat enterprise Linux Update Services For Sap Solutions
X.org
X.org x Server
X.org xwayland
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-09T06:29:51.542Z

Updated: 2024-10-29T14:31:56.224Z

Reserved: 2024-01-03T21:53:07.804Z

Link: CVE-2024-0229

cve-icon Vulnrichment

Updated: 2024-08-01T17:41:16.397Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-09T07:16:00.107

Modified: 2024-10-18T13:49:32.090

Link: CVE-2024-0229

cve-icon Redhat

Severity : Important

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2024-0229 - Bugzilla