CVE-2024-21885 Information

Description

A flaw was found in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Reference

https://access.redhat.com/errata/RHSA-2024:0320
https://access.redhat.com/errata/RHSA-2024:0557
https://access.redhat.com/errata/RHSA-2024:0558
https://access.redhat.com/errata/RHSA-2024:0597
https://access.redhat.com/errata/RHSA-2024:0607
https://access.redhat.com/errata/RHSA-2024:0614
https://access.redhat.com/errata/RHSA-2024:0617
https://access.redhat.com/errata/RHSA-2024:0621
https://access.redhat.com/errata/RHSA-2024:0626
https://access.redhat.com/errata/RHSA-2024:0629
https://access.redhat.com/security/cve/CVE-2024-21885
https://bugzilla.redhat.com/show_bug.cgi?id=2256540