Lucene search

K

[email protected]NVD:CVE-2024-31080

HistoryApr 04, 2024 - 2:15 p.m.

CVE-2024-31080

2024-04-0414:15:10

CWE-126

[email protected]

web.nvd.nist.gov

1

x.org server

procxigetselectedevents

buffer over-read

memory leakage

segmentation faults

endianness

attacker

memory values

crash

out-of-bounds reads

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

A heap-based buffer over-read vulnerability was found in the X.org server’s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker’s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

www.openwall.com/lists/oss-security/2024/04/03/13

www.openwall.com/lists/oss-security/2024/04/12/10

access.redhat.com/errata/RHSA-2024:1785

access.redhat.com/errata/RHSA-2024:2036

access.redhat.com/errata/RHSA-2024:2037

access.redhat.com/errata/RHSA-2024:2038

access.redhat.com/errata/RHSA-2024:2039

access.redhat.com/errata/RHSA-2024:2040

access.redhat.com/errata/RHSA-2024:2041

access.redhat.com/errata/RHSA-2024:2042

access.redhat.com/errata/RHSA-2024:2080

access.redhat.com/errata/RHSA-2024:2616

access.redhat.com/errata/RHSA-2024:3258

access.redhat.com/errata/RHSA-2024:3261

access.redhat.com/errata/RHSA-2024:3343

access.redhat.com/security/cve/CVE-2024-31080

bugzilla.redhat.com/show_bug.cgi?id=2271997

lists.debian.org/debian-lts-announce/2024/04/msg00009.html

lists.fedoraproject.org/archives/list/[email protected]/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/

lists.fedoraproject.org/archives/list/[email protected]/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/

lists.fedoraproject.org/archives/list/[email protected]/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

Related for NVD:CVE-2024-31080

redhatcve1 veracode1 cve1 debiancve1 cvelist1 wolfi1 cgr1 alpinelinux1 ubuntucve1 freebsd1 osv14 amazon2 nessus44 oraclelinux7 rocky4 redhat13 openvas14 debian2 almalinux5 fedora3 mageia1 ubuntu2 redos1 slackware2