CVE-2024-31083

CVSS V2 None CVSS V3 None
Description
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Overview
  • CVE ID
  • CVE-2024-31083
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-04-05T12:04:49.414Z
  • Last Modified Date
  • 2024-06-20T14:32:44.924Z
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/errata/RHSA-2024:1785 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2036 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2037 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2038 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2039 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2040 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2041 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2042 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2080 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2616 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3258 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3261 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3343 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-31083 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2272000 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-31083
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31083
History
Created Old Value New Value Data Type Notes
2024-06-25 23:00:26 Added to TrackCVE