%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
CVE-2024-0229
Description
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
Published Date
Updated Date
Workaround
-
Advisories
https://access.redhat.com/errata/RHSA-2024:0320Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0557Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0558Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0597Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0607Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0614Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0617Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0621Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0626Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0629Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2170Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2995Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2996Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-0229Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256690Issue Tracking
https://access.redhat.com/errata/RHSA-2024:0320Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0557Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0558Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0597Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0607Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0614Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0617Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0621Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0626Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0629Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2170Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2995Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2996Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-0229Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256690Issue Tracking
Analysis#
Vulnerability Ratings#
7.8
CVSSv31
7.8
CVSSv31
NaN
other
Others affected components#
Resolved with patches#
xserver-xorg (yocto:kirkstone)
#
Title
Author
Resolve
1
Xi: require a pointer and keyboard device for
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
2
dix: fix DeviceStateNotify event calculation
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
3
Xi: when creating a new ButtonClass, set the number of
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
4
dix: Allocate sufficient xEvents for our DeviceStateNotify
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
xwayland (yocto:kirkstone)
#
Title
Author
Resolve
1
Xi: require a pointer and keyboard device for
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
2
dix: fix DeviceStateNotify event calculation
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
3
Xi: when creating a new ButtonClass, set the number of
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229
4
dix: Allocate sufficient xEvents for our DeviceStateNotify
Peter Hutterer <peter.hutterer@who-t.net>
CVE-2024-0229