Lucene search
AlmaLinuxALSA-2024:3343HistoryMay 23, 2024 - 12:00 a.m.
Important: xorg-x11-server-Xwayland security update
2024-05-2300:00:00
errata.almalinux.org
xwayland x_server wayland heap_buffer_overread data_leakage use-after-free cve_2024_31080 cve_2024_31081 cve_2024_31083 references unix
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
- xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
- xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
- xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | aarch64 | xorg-x11-server-xwayland | < 21.1.3-16.el8_10 | xorg-x11-server-Xwayland-21.1.3-16.el8_10.aarch64.rpm |
| almalinux | 8 | x86_64 | xorg-x11-server-xwayland | < 21.1.3-16.el8_10 | xorg-x11-server-Xwayland-21.1.3-16.el8_10.x86_64.rpm |
| almalinux | 8 | ppc64le | xorg-x11-server-xwayland | < 21.1.3-16.el8_10 | xorg-x11-server-Xwayland-21.1.3-16.el8_10.ppc64le.rpm |
| almalinux | 8 | s390x | xorg-x11-server-xwayland | < 21.1.3-16.el8_10 | xorg-x11-server-Xwayland-21.1.3-16.el8_10.s390x.rpm |
References
Related
redhat
redhat
(RHSA-2024:2038) Important: tigervnc security update
2024-04-24 14:54:40
(RHSA-2024:3343) Important: xorg-x11-server-Xwayland security update
2024-05-23 14:21:39
(RHSA-2024:2037) Important: tigervnc security update
2024-04-24 14:54:34
debian
debian
[SECURITY] [DSA 5657-1] xorg-server security update
2024-04-12 20:32:08
[SECURITY] [DLA 3787-1] xorg-server security update
2024-04-15 13:22:45
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xwayland (SUSE-SU-2024:1264-1)
2024-04-13 00:00:00
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2024-583)
2024-04-17 00:00:00
Fedora 39 : xorg-x11-server-Xwayland (2024-5af98298c7)
2024-04-24 00:00:00
osv
osv
Important: tigervnc security update
2024-05-06 13:04:21
Important: tigervnc security update
2024-04-30 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
almalinux
almalinux
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-24 00:00:00
Important: tigervnc security update
2024-05-22 00:00:00
oraclelinux
oraclelinux
tigervnc security update
2024-05-29 00:00:00
xorg-x11-server-Xwayland security update
2024-05-29 00:00:00
X.Org server security update
2024-04-11 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0121)
2024-04-12 00:00:00
Debian: Security Advisory (DLA-3787-1)
2024-04-15 00:00:00
Debian: Security Advisory (DSA-5657-1)
2024-04-15 00:00:00
mageia
mageia
amazon
amazon
Important: tigervnc
2024-04-11 01:07:00
Important: xorg-x11-server
2024-04-11 01:07:00
Important: xorg-x11-server
2024-04-11 01:43:00
rocky
rocky
tigervnc security update
2024-05-06 13:04:21
tigervnc security update
2024-06-14 13:59:30
tigervnc security update
2024-05-10 14:32:42
freebsd
freebsd
xorg server -- Multiple vulnerabilities
2024-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
slackware
slackware
[slackware-security] xorg-server
2024-04-03 22:25:44
[slackware-security] tigervnc
2024-04-05 20:14:40
ubuntu
ubuntu
X.Org X Server vulnerabilities
2024-04-04 00:00:00
X.Org X Server regression
2024-04-09 00:00:00
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
redhatcve
redhatcve
veracode
veracode
Buffer Over-read
2024-04-11 02:44:05
Buffer Over-Read
2024-04-11 02:44:06
Use After Free
2024-04-11 02:44:08
debiancve
debiancve
ubuntucve
ubuntucve
cgr
cgr
CVE-2024-31080 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31081 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31083 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
nvd
nvd
cve
cve
cvelist
cvelist
CVE-2024-31080 Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
2024-04-04 13:47:33
CVE-2024-31081 Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
2024-04-04 13:48:12
CVE-2024-31083 Xorg-x11-server: use-after-free in procrenderaddglyphs
2024-04-05 12:04:49
wolfi
wolfi
CVE-2024-31080 vulnerabilities
2024-06-26 09:08:30
CVE-2024-31083 vulnerabilities
2024-06-26 09:08:30
CVE-2024-31081 vulnerabilities
2024-06-26 09:08:30
zdi
zdi
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Related for ALSA-2024:3343