Lucene search
FreeBSD57561CFC-F24B-11EE-9730-001FC69CD6DCHistoryApr 03, 2024 - 12:00 a.m.
xorg server -- Multiple vulnerabilities
2024-04-0300:00:00
vuxml.freebsd.org
17
x.org
server
vulnerabilities
data leakage
buffer overread
user-after-free
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
The X.Org project reports:
CVE-2024-31080: Heap buffer overread/data leakage in
ProcXIGetSelectedEvents
The ProcXIGetSelectedEvents() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.
CVE-2024-31081: Heap buffer overread/data leakage in
ProcXIPassiveGrabDevice
The ProcXIPassiveGrabDevice() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.
CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
The ProcRenderAddGlyphs() function calls the AllocateGlyph()
function to store new glyphs sent by the client to the X server.
AllocateGlyph() would return a new glyph with refcount=0 and
a re-used glyph would end up not changing the refcount at all.
The resulting glyph_new array would thus have multiple entries
pointing to the same non-refcounted glyphs.
ProcRenderAddGlyphs() may free a glyph, resulting in a
use-after-free when the same glyph pointer is then later used.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | xorg-server | < 21.1.12,1 | UNKNOWN |
| FreeBSD | any | noarch | xephyr | < 21.1.12,1 | UNKNOWN |
| FreeBSD | any | noarch | xorg-vfbserver | < 21.1.12,1 | UNKNOWN |
| FreeBSD | any | noarch | xorg-nextserver | < 21.1.12,2 | UNKNOWN |
| FreeBSD | any | noarch | xwayland | < 23.2.5 | UNKNOWN |
| FreeBSD | any | noarch | xwayland-devel | = 21.0.99.1.672 | UNKNOWN |
| FreeBSD | any | noarch | xwayland-devel | < 21.0.99.1.841_1 | UNKNOWN |
Related
nessus
nessus
Debian dla-3787 : xdmx - security update
2024-04-15 00:00:00
Amazon Linux 2 : tigervnc (ALAS-2024-2510)
2024-04-18 00:00:00
RHEL 9 : tigervnc (RHSA-2024:2616)
2024-04-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5657-1)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0121)
2024-04-12 00:00:00
redhat
redhat
(RHSA-2024:2041) Important: tigervnc security update
2024-04-24 14:55:01
(RHSA-2024:2040) Important: tigervnc security update
2024-04-24 14:54:54
(RHSA-2024:2042) Important: tigervnc security update
2024-04-24 14:55:08
oraclelinux
oraclelinux
tigervnc security update
2024-05-07 00:00:00
tigervnc security update
2024-05-29 00:00:00
tigervnc security update
2024-04-24 00:00:00
osv
osv
Important: tigervnc security update
2024-05-10 14:32:42
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
Important: tigervnc security update
2024-05-06 13:04:21
almalinux
almalinux
Important: tigervnc security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-30 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
debian
debian
[SECURITY] [DSA 5657-1] xorg-server security update
2024-04-12 20:32:08
[SECURITY] [DLA 3787-1] xorg-server security update
2024-04-15 13:22:45
amazon
amazon
Important: xorg-x11-server
2024-04-11 01:07:00
Important: tigervnc
2024-04-11 01:07:00
Important: xorg-x11-server
2024-04-11 01:43:00
rocky
rocky
tigervnc security update
2024-06-14 13:59:30
tigervnc security update
2024-05-06 13:04:21
tigervnc security update
2024-05-10 14:32:42
mageia
mageia
ubuntu
ubuntu
X.Org X Server regression
2024-04-09 00:00:00
X.Org X Server vulnerabilities
2024-04-04 00:00:00
slackware
slackware
[slackware-security] tigervnc
2024-04-05 20:14:40
[slackware-security] xorg-server
2024-04-03 22:25:44
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
redhatcve
redhatcve
veracode
veracode
Buffer Over-read
2024-04-11 02:44:05
Use After Free
2024-04-11 02:44:08
Buffer Over-Read
2024-04-11 02:44:06
cgr
cgr
CVE-2024-31081 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31080 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31083 vulnerabilities
2024-05-19 03:07:16
cve
cve
debiancve
debiancve
cvelist
cvelist
CVE-2024-31080 Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
2024-04-04 13:47:33
CVE-2024-31081 Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
2024-04-04 13:48:12
CVE-2024-31083 Xorg-x11-server: use-after-free in procrenderaddglyphs
2024-04-05 12:04:49
nvd
nvd
wolfi
wolfi
CVE-2024-31080 vulnerabilities
2024-06-24 09:08:26
CVE-2024-31083 vulnerabilities
2024-06-24 09:08:26
CVE-2024-31081 vulnerabilities
2024-06-24 09:08:26
ubuntucve
ubuntucve
alpinelinux
alpinelinux
zdi
zdi
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Related for 57561CFC-F24B-11EE-9730-001FC69CD6DC