CVE-2024-0229 - Vulnerability Details

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00321.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Tus Enterprise Linux Update Services For Sap Solutions Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
X.org	X Server Xwayland

Configuration 1 [-]

OR	cpe:2.3:a:x.org:x_server::::::::
	cpe:2.3:a:x.org:xwayland::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
xorg-x11-server-0:1.20.4-27.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:0320	2024-01-22T00:00:00Z
tigervnc-0:1.8.0-31.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:0629	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-2.el8_9.7	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0607	2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-22.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2995	2024-05-22T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-15.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:2996	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
tigervnc-0:1.9.0-15.el8_2.9	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:0617	2024-01-31T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.8	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:0558	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
tigervnc-0:1.12.0-6.el8_6.9	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0621	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0597	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.13.1-3.el9_3.6	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0557	2024-01-30T00:00:00Z
xorg-x11-server-0:1.20.11-24.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2169	2024-04-30T00:00:00Z
xorg-x11-server-Xwayland-0:22.1.9-5.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2170	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
tigervnc-0:1.11.0-22.el9_0.8	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:0614	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.5	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:0626	2024-01-31T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3721-1	xorg-server security update
Debian DSA	DSA-5603-1	xorg-server security update
EUVD	EUVD-2024-16027	An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
Ubuntu USN	USN-6587-1	X.Org X Server vulnerabilities
Ubuntu USN	USN-6587-2	X.Org X Server vulnerabilities
Ubuntu USN	USN-6587-5	X.Org X Server vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0320
https://access.redhat.com/errata/RHSA-2024:0557
https://access.redhat.com/errata/RHSA-2024:0558
https://access.redhat.com/errata/RHSA-2024:0597
https://access.redhat.com/errata/RHSA-2024:0607
https://access.redhat.com/errata/RHSA-2024:0614
https://access.redhat.com/errata/RHSA-2024:0617
https://access.redhat.com/errata/RHSA-2024:0621
https://access.redhat.com/errata/RHSA-2024:0626
https://access.redhat.com/errata/RHSA-2024:0629
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/errata/RHSA-2025:12751
https://access.redhat.com/security/cve/CVE-2024-0229
https://bugzilla.redhat.com/show_bug.cgi?id=2256690
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
https://nvd.nist.gov/vuln/detail/CVE-2024-0229
https://www.cve.org/CVERecord?id=CVE-2024-0229

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Mon, 04 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/o:redhat:rhel_els:6
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:12751

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00419}`	epss `{'score': 0.00395}`

Sat, 23 Nov 2024 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-788

Tue, 29 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Redhat enterprise Linux Aus Redhat enterprise Linux Eus Redhat enterprise Linux Tus Redhat enterprise Linux Update Services For Sap Solutions X.org X.org x Server X.org xwayland
Weaknesses		CWE-787
CPEs		cpe:2.3:a:x.org:x_server:::::::: cpe:2.3:a:x.org:xwayland:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Redhat enterprise Linux Aus Redhat enterprise Linux Eus Redhat enterprise Linux Tus Redhat enterprise Linux Update Services For Sap Solutions X.org X.org x Server X.org xwayland

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-09T06:29:51.542Z

Updated: 2025-11-06T20:51:57.196Z

Reserved: 2024-01-03T21:53:07.804Z

Link: CVE-2024-0229

Vulnrichment

Updated: 2025-11-04T18:22:19.221Z

NVD

Status : Modified

Published: 2024-02-09T07:16:00.107

Modified: 2025-11-04T19:16:26.477

Link: CVE-2024-0229

Redhat

Severity : Important

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2024-0229 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object