CVE-2024-0229 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2024-0229?

CVE-2024-0229 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-0229?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Server, X.Org Xwayland, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Aus.

Vulnerability Description

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
X.Org	X Server	< 21.1.11
X.Org	Xwayland	< 23.2.4
Fedoraproject	Fedora	39
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Aus	8.2
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Tus	8.2
Redhat	Enterprise Linux Update Services For Sap Solutions	8.2

Related Weaknesses (CWE)

CWE-787

References

https://access.redhat.com/errata/RHSA-2024:0320Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0557Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0558Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0597Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0607Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0614Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0617Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0621Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0626Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0629Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2170Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2995Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2996Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12751

FAQ

What is CVE-2024-0229?

CVE-2024-0229 is a vulnerability with a CVSS score of 7.8 (HIGH). An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an...

How severe is CVE-2024-0229?

CVE-2024-0229 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0229?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Server, X.Org Xwayland, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Aus.