CVE-2024-31081

CVE Details

Release Date:

2024-04-03

Description

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

See more information about CVE-2024-31081 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	7.3	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	High
Integrity Impact:	Low	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (tigervnc)	ELSA-2024-2080	2024-04-29
Oracle Linux version 7 (xorg-x11-server)	ELSA-2024-1785	2024-04-11
Oracle Linux version 8 (tigervnc)	ELSA-2024-2037	2024-04-24
Oracle Linux version 8 (tigervnc)	ELSA-2024-3261	2024-05-29
Oracle Linux version 8 (xorg-x11-server)	ELSA-2024-3258	2024-05-29
Oracle Linux version 8 (xorg-x11-server-Xwayland)	ELSA-2024-3343	2024-05-29
Oracle Linux version 9 (tigervnc)	ELSA-2024-2616	2024-05-07
Oracle Linux version 9 (xorg-x11-server)	ELSA-2024-9122	2024-11-14
Oracle Linux version 9 (xorg-x11-server-Xwayland)	ELSA-2024-9093	2024-11-14