Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2024-21886

Published: January 17, 2024Last modified: April 15, 2024

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Severity score breakdown

ParameterValue
Base score7.8
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSxorg-serverFixed (21.1.12-r0)
Streamxorg-serverFixed (21.1.11-r0)

References

ON THIS PAGE