← Back to CVEs
CVE-2024-21886
HIGH7.8
Description
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/28/2024
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-122
References
https://access.redhat.com/errata/RHSA-2024:0320(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0557(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0558(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0597(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0607(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0614(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0617(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0621(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0626(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0629(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2169(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2170(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2995(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:2996(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:12751(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2024-21886(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2256542(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2024:0320(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0557(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0558(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0597(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0607(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0614(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0617(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0621(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0626(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0629(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2169(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2170(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2995(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2996(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2024-21886(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2256542(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ2IJJDHJETNE76VUX4G7UI5EG5HYFEH/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.