CVE-2024-0229
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.0
Description
Important: tigervnc security update
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Debian Security Tracker ยท View original โ ยท DFSG
CVE-2024-0229 NameCVE-2024-0229 DescriptionAn out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.โฆ
CVE-2024-0229
| Name | CVE-2024-0229 |
| Description | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3721-1, DSA-5603-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| xorg-server (PTS) | bullseye | 2:1.20.11-1+deb11u13 | fixed |
| bullseye (security) | 2:1.20.11-1+deb11u17 | fixed | |
| bookworm | 2:21.1.7-3+deb12u12 | fixed | |
| bookworm (security) | 2:21.1.7-3+deb12u11 | fixed | |
| trixie | 2:21.1.16-1.3+deb13u2 | fixed | |
| trixie (security) | 2:21.1.16-1.3+deb13u1 | fixed | |
| forky | 2:21.1.22-1 | fixed | |
| sid | 2:21.1.23-1 | fixed | |
| xwayland (PTS) | bookworm | 2:22.1.9-1 | vulnerable |
| trixie | 2:24.1.6-1 | fixed | |
| forky | 2:24.1.11-1 | fixed | |
| sid | 2:24.1.12-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xorg-server | source | buster | 2:1.20.4-1+deb10u13 | DLA-3721-1 | ||
| xorg-server | source | bullseye | 2:1.20.11-1+deb11u11 | DSA-5603-1 | ||
| xorg-server | source | bookworm | 2:21.1.7-3+deb12u5 | DSA-5603-1 | ||
| xorg-server | source | (unstable) | 2:21.1.11-1 | |||
| xwayland | source | (unstable) | 2:23.2.4-1 |
Notes
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
https://lists.x.org/archives/xorg/2024-January/061525.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ece23be888a93b741aa1209d1dbf64636109d6a5
https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5
https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74
Apply commands
Notes
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)https://lists.x.org/archives/xorg/2024-January/061525.htmlhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/ece23be888a93b741aa1209d1dbf64636109d6a5https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | tigervnc-1.13.1-3.el9_3.6.alma.1.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:21.1.11-1 |
| sid | Fixed | 2:21.1.11-1 |
| forky | Fixed | 2:21.1.11-1 |
| bullseye | Fixed | 2:1.20.11-1+deb11u11 |
| bookworm | Fixed | 2:21.1.7-3+deb12u5 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
References
- https://access.redhat.com/errata/RHSA-2024:0557
- https://access.redhat.com/errata/RHSA-2024:2169
- https://access.redhat.com/errata/RHSA-2024:2170
- https://errata.rockylinux.org/RLSA-2024:0607
- https://www.suse.com/security/cve/CVE-2024-0229.html
- https://security-tracker.debian.org/tracker/CVE-2024-0229
- https://access.redhat.com/errata/RHSA-2024:0607
- https://bugzilla.redhat.com/2256540
- https://bugzilla.redhat.com/2256542
- https://bugzilla.redhat.com/2256690
- https://bugzilla.redhat.com/2257691
- https://errata.almalinux.org/8/ALSA-2024-0607.html
- https://errata.almalinux.org/9/ALSA-2024-0557.html
- https://access.redhat.com/errata/RHSA-2024:2995
- https://bugzilla.redhat.com/2243091
- https://bugzilla.redhat.com/2244736
- https://bugzilla.redhat.com/2253291
- https://bugzilla.redhat.com/2253298
- https://bugzilla.redhat.com/2257689
- https://bugzilla.redhat.com/2257690
- https://errata.almalinux.org/8/ALSA-2024-2995.html
- https://access.redhat.com/errata/RHSA-2024:2996
- https://errata.almalinux.org/8/ALSA-2024-2996.html
- https://errata.almalinux.org/9/ALSA-2024-2170.html
- https://errata.almalinux.org/9/ALSA-2024-2169.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.