CVE-2024-21886

2024-01-1600:00:00

ubuntu.com

x.org server

disabledevice function

heap buffer overflow

application crash

remote code execution

ssh x11 forwarding

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

A heap buffer overflow flaw was found in the DisableDevice function in the
X.Org server. This issue may lead to an application crash or, in some
circumstances, remote code execution in SSH X11 forwarding environments.

Notes

Author	Note
mdeslaur	xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxorg-server< 2:1.19.6-1ubuntu4.15+esm4UNKNOWN
ubuntu20.04noarchxorg-server< 2:1.20.13-1ubuntu1~20.04.14UNKNOWN
ubuntu22.04noarchxorg-server< 2:21.1.4-2ubuntu1.7~22.04.7UNKNOWN
ubuntu23.04noarchxorg-server< 2:21.1.7-1ubuntu3.6UNKNOWN
ubuntu23.10noarchxorg-server< 2:21.1.7-3ubuntu2.6UNKNOWN
ubuntu24.04noarchxorg-server< 2:21.1.11-1ubuntu1UNKNOWN
ubuntu14.04noarchxorg-server< 2:1.15.1-0ubuntu2.11+esm9UNKNOWN
ubuntu16.04noarchxorg-server< 2:1.18.4-0ubuntu0.12+esm9UNKNOWN
ubuntu16.04noarchxorg-server-hwe-16.04< anyUNKNOWN
ubuntu18.04noarchxorg-server-hwe-18.04< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xorg-server	< 2:1.19.6-1ubuntu4.15+esm4	UNKNOWN
ubuntu	20.04	noarch	xorg-server	< 2:1.20.13-1ubuntu1~20.04.14	UNKNOWN
ubuntu	22.04	noarch	xorg-server	< 2:21.1.4-2ubuntu1.7~22.04.7	UNKNOWN
ubuntu	23.04	noarch	xorg-server	< 2:21.1.7-1ubuntu3.6	UNKNOWN
ubuntu	23.10	noarch	xorg-server	< 2:21.1.7-3ubuntu2.6	UNKNOWN
ubuntu	24.04	noarch	xorg-server	< 2:21.1.11-1ubuntu1	UNKNOWN
ubuntu	14.04	noarch	xorg-server	< 2:1.15.1-0ubuntu2.11+esm9	UNKNOWN
ubuntu	16.04	noarch	xorg-server	< 2:1.18.4-0ubuntu0.12+esm9	UNKNOWN
ubuntu	16.04	noarch	xorg-server-hwe-16.04	< any	UNKNOWN
ubuntu	18.04	noarch	xorg-server-hwe-18.04	< any	UNKNOWN