PT-2024-1267 · X.Org+11 · X.Org Server+11

Robb Gatica · Published 2024-01-16 · Updated 2025-08-04 · CVE-2024-0229

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: X.Org Server (affected versions not specified)

Description: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. The issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or remote code execution in SSH X11 forwarding environments. Exploitation of the vulnerability may allow an attacker to cause a denial of service or execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

Memory Corruption

Access of Memory Location After End of Buffer

Weakness Enumeration

Related Identifiers

ALSA-2024:0557
ALSA-2024:0607
ALSA-2024:2169
ALSA-2024:2170
ALSA-2024:2995
ALSA-2024:2996
ALT-PU-2024-1181
ALT-PU-2024-1182
ALT-PU-2024-1183
ALT-PU-2024-3261
ALT-PU-2024-4743
ALT-PU-2024-4745
AZL-34214
AZL-44880
BDU:2024-00676
CESA-2024_0320
CESA-2024_0607
CESA-2024_0629
CESA-2024_2995
CESA-2024_2996
CVE-2024-0229
DLA-3721-1
DSA-5603-1
INFSA-2024_2169
INFSA-2024_2170
INFSA-2024_2995
INFSA-2024_2996
MGASA-2024-0022
OESA-2024-1102
OESA-2024-1597
OESA-2024-1598
OESA-2024-1600
OPENSUSE-SU-2024:13597-1
OPENSUSE-SU-2024:13598-1
RHSA-2024:0320
RHSA-2024:0557
RHSA-2024:0558
RHSA-2024:0597
RHSA-2024:0607
RHSA-2024:0614
RHSA-2024:0617
RHSA-2024:0621
RHSA-2024:0626
RHSA-2024:0629
RHSA-2024:2169
RHSA-2024:2170
RHSA-2024:2995
RHSA-2024:2996
RHSA-2024_0320
RHSA-2024_0557
RHSA-2024_0607
RHSA-2024_0629
RHSA-2024_2169
RHSA-2024_2170
RHSA-2024_2995
RHSA-2024_2996
RHSA-2025:12751
RLSA-2024:0607
ROSA-SA-2024-2351
ROSA-SA-2024-2352
ROSA-SA-2025-2575
ROSA-SA-2025-2576
SUSE-SU-2024:0109-1
SUSE-SU-2024:0111-1
SUSE-SU-2024:0114-1
SUSE-SU-2024:0116-1
SUSE-SU-2024:0121-1
SUSE-SU-2024:0165-1
USN-6587-1
USN-6587-2
USN-6587-3
USN-6587-4
USN-6587-5
ZDI-24-121

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
X.Org Server