RedHatRHSA-2024:2996(RHSA-2024:2996) Moderate: xorg-x11-server-Xwayland security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.1%
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
-
xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
-
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
-
xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
-
xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
-
xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
-
xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)
-
xorg-x11-server: SELinux context corruption (CVE-2024-0409)
-
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
-
xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.1%