Lucene search
Ubuntu.comUB:CVE-2024-31080HistoryMar 04, 2024 - 12:00 a.m.
CVE-2024-31080
2024-03-0400:00:00
ubuntu.com
ubuntu.com
8
x.org server
procxigetselectedevents
heap-based buffer
memory leakage
segmentation faults
endianness
crash
out-of-bounds reads
A heap-based buffer over-read vulnerability was found in the X.org server’s
ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped
length values are used in replies, potentially leading to memory leakage
and segmentation faults, particularly when triggered by a client with a
different endianness. This vulnerability could be exploited by an attacker
to cause the X server to read heap memory values and then transmit them
back to the client until encountering an unmapped page, resulting in a
crash. Despite the attacker’s inability to control the specific memory
copied into the replies, the small length values typically stored in a
32-bit integer can result in significant attempted out-of-bounds reads.
Notes
| Author | Note |
|---|---|
| mdeslaur | xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server |
| leosilva | introduced in xorg-server-1.7.0 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | xorg-server | < 2:1.19.6-1ubuntu4.15+esm7 | UNKNOWN |
| ubuntu | 20.04 | noarch | xorg-server | < 2:1.20.13-1ubuntu1~20.04.16 | UNKNOWN |
| ubuntu | 22.04 | noarch | xorg-server | < 2:21.1.4-2ubuntu1.7~22.04.9 | UNKNOWN |
| ubuntu | 23.10 | noarch | xorg-server | < 2:21.1.7-3ubuntu2.8 | UNKNOWN |
| ubuntu | 24.04 | noarch | xorg-server | < 2:21.1.12-1ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | xorg-server | < 2:1.15.1-0ubuntu2.11+esm11 | UNKNOWN |
| ubuntu | 16.04 | noarch | xorg-server | < 2:1.18.4-0ubuntu0.12+esm12 | UNKNOWN |
| ubuntu | 16.04 | noarch | xorg-server-hwe-16.04 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | xorg-server-hwe-18.04 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | xwayland | < 2:22.1.1-1ubuntu0.12 | UNKNOWN |
Related
redhatcve
redhatcve
CVE-2024-31080
2024-04-04 08:37:31
veracode
veracode
Buffer Over-read
2024-04-11 02:44:05
cvelist
cvelist
cve
cve
CVE-2024-31080
2024-04-04 14:15:10
debiancve
debiancve
CVE-2024-31080
2024-04-04 14:15:10
wolfi
wolfi
CVE-2024-31080 vulnerabilities
2024-06-02 09:07:39
cgr
cgr
CVE-2024-31080 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2024-31080
2024-04-04 14:15:10
nessus
nessus
Oracle Linux 7 : tigervnc (ELSA-2024-2080)
2024-04-29 00:00:00
Fedora 38 : xorg-x11-server-Xwayland (2024-1706127797)
2024-04-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3787-1)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0121)
2024-04-12 00:00:00
Debian: Security Advisory (DSA-5657-1)
2024-04-15 00:00:00
redhat
redhat
(RHSA-2024:3261) Important: tigervnc security update
2024-05-22 10:41:22
(RHSA-2024:3258) Moderate: xorg-x11-server security update
2024-05-22 10:41:21
(RHSA-2024:2080) Important: tigervnc security update
2024-04-29 01:07:43
amazon
amazon
Important: xorg-x11-server
2024-04-11 01:07:00
Important: tigervnc
2024-04-11 01:07:00
freebsd
freebsd
xorg server -- Multiple vulnerabilities
2024-04-03 00:00:00
oraclelinux
oraclelinux
X.Org server security update
2024-04-11 00:00:00
tigervnc security update
2024-04-24 00:00:00
tigervnc security update
2024-04-29 00:00:00
rocky
rocky
tigervnc security update
2024-05-10 14:32:42
tigervnc security update
2024-05-06 13:04:21
osv
osv
Important: tigervnc security update
2024-05-06 13:04:21
Important: tigervnc security update
2024-05-22 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
almalinux
almalinux
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
mageia
mageia
ubuntu
ubuntu
X.Org X Server regression
2024-04-09 00:00:00
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
slackware
slackware
[slackware-security] xorg-server
2024-04-03 22:25:44
[slackware-security] tigervnc
2024-04-05 20:14:40