CVE-2024-31083

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bullseye
2:1.20.11-1+deb11u13
fixed
bookworm
2:21.1.7-3+deb12u10
ignored
bullseye (security)
2:1.20.11-1+deb11u17
fixed
bookworm (security)
2:21.1.7-3+deb12u11
fixed
trixie (security)
2:21.1.16-1.3+deb13u1
fixed
trixie
2:21.1.16-1.3+deb13u1
fixed
forky
2:21.1.21-1
fixed
sid
2:21.1.21-1
fixed
xwayland
bookworm
ignored
trixie
2:24.1.6-1
fixed
forky
2:24.1.9-1
fixed
sid
2:24.1.9-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg
questing
not-affected
plucky
not-affected
oracular
not-affected
noble
not-affected
mantic
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
xorg-server
questing
Fixed 2:21.1.12-1ubuntu1
released
plucky
Fixed 2:21.1.12-1ubuntu1
released
oracular
Fixed 2:21.1.12-1ubuntu1
released
noble
Fixed 2:21.1.12-1ubuntu1
released
mantic
Fixed 2:21.1.7-3ubuntu2.9
released
jammy
Fixed 2:21.1.4-2ubuntu1.7~22.04.10
released
focal
Fixed 2:1.20.13-1ubuntu1~20.04.17
released
bionic
Fixed 2:1.19.6-1ubuntu4.15+esm8
released
xenial
Fixed 2:1.18.4-0ubuntu0.12+esm13
released
trusty
Fixed 2:1.15.1-0ubuntu2.11+esm11
released
xwayland
questing
not-affected
plucky
not-affected
oracular
not-affected
noble
not-affected
mantic
Fixed 2:23.2.0-1ubuntu0.6
released
jammy
Fixed 2:22.1.1-1ubuntu0.13
released
focal
dne
xorg-server-hwe-16.04
questing
dne
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
needs-triage
xorg-server-hwe-18.04
questing
dne
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
needs-triage
xorg-hwe-16.04
questing
dne
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
xorg-hwe-18.04
questing
dne
plucky
dne
oracular
dne
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1785
https://access.redhat.com/errata/RHSA-2024:2036
https://access.redhat.com/errata/RHSA-2024:2037
https://access.redhat.com/errata/RHSA-2024:2038
https://access.redhat.com/errata/RHSA-2024:2039
https://access.redhat.com/errata/RHSA-2024:2040
https://access.redhat.com/errata/RHSA-2024:2041
https://access.redhat.com/errata/RHSA-2024:2042
https://access.redhat.com/errata/RHSA-2024:2080
https://access.redhat.com/errata/RHSA-2024:2616
https://access.redhat.com/errata/RHSA-2024:3258
https://access.redhat.com/errata/RHSA-2024:3261
https://access.redhat.com/errata/RHSA-2024:3343
https://access.redhat.com/errata/RHSA-2024:9093
https://access.redhat.com/errata/RHSA-2024:9122
https://access.redhat.com/errata/RHSA-2025:12751
https://access.redhat.com/security/cve/CVE-2024-31083
https://bugzilla.redhat.com/show_bug.cgi?id=2272000
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/errata/RHSA-2024:1785
https://access.redhat.com/errata/RHSA-2024:2036
https://access.redhat.com/errata/RHSA-2024:2037
https://access.redhat.com/errata/RHSA-2024:2038
https://access.redhat.com/errata/RHSA-2024:2039
https://access.redhat.com/errata/RHSA-2024:2040
https://access.redhat.com/errata/RHSA-2024:2041
https://access.redhat.com/errata/RHSA-2024:2042
https://access.redhat.com/errata/RHSA-2024:2080
https://access.redhat.com/errata/RHSA-2024:2616
https://access.redhat.com/errata/RHSA-2024:3258
https://access.redhat.com/errata/RHSA-2024:3261
https://access.redhat.com/errata/RHSA-2024:3343
https://access.redhat.com/security/cve/CVE-2024-31083
https://bugzilla.redhat.com/show_bug.cgi?id=2272000
https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TF7FZXOKHIKPZXYIMSQXKVH7WITKV3V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBLQJIAXEDMEGRGZMSH7CWUJHSVKUWLV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P73U4DAAWLFZAPD75GLXTGMSTTQWW5AP/