PRIOn knowledge basePRION:CVE-2024-21885Heap overflow
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
13.1%
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
References
access.redhat.com/errata/RHSA-2024:0320
access.redhat.com/errata/RHSA-2024:0557
access.redhat.com/errata/RHSA-2024:0558
access.redhat.com/errata/RHSA-2024:0597
access.redhat.com/errata/RHSA-2024:0607
access.redhat.com/errata/RHSA-2024:0614
access.redhat.com/errata/RHSA-2024:0617
access.redhat.com/errata/RHSA-2024:0621
access.redhat.com/errata/RHSA-2024:0626
access.redhat.com/errata/RHSA-2024:0629
access.redhat.com/security/cve/CVE-2024-21885
bugzilla.redhat.com/show_bug.cgi?id=2256540
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
13.1%