Permalink
CVE-2024-31082
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
References
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/03/13
- http://www.openwall.com/lists/oss-security/2024/04/12/10
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html
- https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
- http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
- https://access.redhat.com/security/cve/CVE-2024-31082 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
Affected products
tigervnc
xorg-server
- <21.1.12
- ==21.1.12
xorg-x11-server
xorg-x11-server-Xwayland