CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
access.redhat.com/errata/RHSA-2024:0320
access.redhat.com/errata/RHSA-2024:0557
access.redhat.com/errata/RHSA-2024:0558
access.redhat.com/errata/RHSA-2024:0597
access.redhat.com/errata/RHSA-2024:0607
access.redhat.com/errata/RHSA-2024:0614
access.redhat.com/errata/RHSA-2024:0617
access.redhat.com/errata/RHSA-2024:0621
access.redhat.com/errata/RHSA-2024:0626
access.redhat.com/errata/RHSA-2024:0629
access.redhat.com/errata/RHSA-2024:2169
access.redhat.com/errata/RHSA-2024:2170
access.redhat.com/errata/RHSA-2024:2995
access.redhat.com/errata/RHSA-2024:2996
access.redhat.com/security/cve/CVE-2024-21885
bugzilla.redhat.com/show_bug.cgi?id=2256540
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total