Lucene search

K

[email protected]CVE-2024-31083

HistoryApr 05, 2024 - 12:15 p.m.

CVE-2024-31083

2024-04-0512:15:37

CWE-416

[email protected]

web.nvd.nist.gov

177

xorg servers

use-after-free

procrenderaddglyphs

allocateglyph

authenticated attacker

arbitrary code

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.0%

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

References

www.openwall.com/lists/oss-security/2024/04/03/13

www.openwall.com/lists/oss-security/2024/04/12/10

access.redhat.com/errata/RHSA-2024:1785

access.redhat.com/errata/RHSA-2024:2036

access.redhat.com/errata/RHSA-2024:2037

access.redhat.com/errata/RHSA-2024:2038

access.redhat.com/errata/RHSA-2024:2039

access.redhat.com/errata/RHSA-2024:2040

access.redhat.com/errata/RHSA-2024:2041

access.redhat.com/errata/RHSA-2024:2042

access.redhat.com/errata/RHSA-2024:2080

access.redhat.com/errata/RHSA-2024:2616

access.redhat.com/errata/RHSA-2024:3258

access.redhat.com/errata/RHSA-2024:3261

access.redhat.com/errata/RHSA-2024:3343

access.redhat.com/security/cve/CVE-2024-31083

bugzilla.redhat.com/show_bug.cgi?id=2272000

lists.debian.org/debian-lts-announce/2024/04/msg00009.html

lists.fedoraproject.org/archives/list/[email protected]/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/

lists.fedoraproject.org/archives/list/[email protected]/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/

lists.fedoraproject.org/archives/list/[email protected]/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.0%

Related for CVE-2024-31083

amazon4 alpinelinux1 mageia2 debiancve1 cgr1 wolfi1 nessus42 zdi1 veracode1 ubuntucve1 cvelist1 redhatcve1 openvas13 oraclelinux4 freebsd1 redhat13 osv8 rocky2 debian2 almalinux2 fedora3 ubuntu2 redos1 slackware2