Fluid Attacks Database

Description

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	xwayland	>=0 <2:23.2.6-1	2:23.2.6-1
debian 14	xorg-server	>=0 <2:21.1.11-3	2:21.1.11-3
debian 12	xwayland	=2:22.1.9-1 \|\| =2:23.1.0-1 \|\| =2:23.1.1-1 \|\| =2:23.2.0-1 \|\| =2:23.2.1-1 \|\| =2:23.2.2-1 \|\| =2:23.2.3-1 \|\| =2:23.2.4-1 \|\| =2:23.2.6-1 \|\| =2:24.0.99.901-1 \|\| =2:24.1.0-1 \|\| =2:24.1.10-1 \|\| =2:24.1.11-1 \|\| =2:24.1.2-1 \|\| =2:24.1.3-1 \|\| =2:24.1.4-1 \|\| =2:24.1.4-2 \|\| =2:24.1.4-3 \|\| =2:24.1.5-1 \|\| =2:24.1.6-1 \|\| =2:24.1.8-1 \|\| =2:24.1.9-1	-
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u10 \|\| =2:1.20.11-1+deb11u11 \|\| =2:1.20.11-1+deb11u12 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| =2:1.20.11-1+deb11u4 \|\| =2:1.20.11-1+deb11u5 \|\| =2:1.20.11-1+deb11u6 \|\| =2:1.20.11-1+deb11u7 \|\| =2:1.20.11-1+deb11u8 \|\| =2:1.20.11-1+deb11u9 \|\| >=0 <2:1.20.11-1+deb11u13	2:1.20.11-1+deb11u13
debian 12	xorg-server	=2:21.1.7-3 \|\| =2:21.1.7-3+deb12u1 \|\| =2:21.1.7-3+deb12u2 \|\| =2:21.1.7-3+deb12u3 \|\| =2:21.1.7-3+deb12u4 \|\| =2:21.1.7-3+deb12u5 \|\| =2:21.1.7-3+deb12u6 \|\| >=0 <2:21.1.7-3+deb12u7	2:21.1.7-3+deb12u7
debian 13	xorg-server	>=0 <2:21.1.11-3	2:21.1.11-3
debian 14	xwayland	>=0 <2:23.2.6-1	2:23.2.6-1
rpm rhel9	xorg-x11-server-Xwayland	<0:23.2.7-1.el9	0:23.2.7-1.el9
rpm rhel9	tigervnc	<0:1.13.1-8.el9_4.3	0:1.13.1-8.el9_4.3
rpm rhel6	xorg-x11-server	-	-

1-10 of 20

Aliases

1. CVE-2024-310812. NVD-2024-310813. OSV-DEBIAN-2024-310814. OSV-2024-310815. SECURITY-TRACKER-CVE-2024-31081

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.