CVE-2024-31080

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31080

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31080.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-31080

Downstream

BELL-CVE-2024-31080

DEBIAN-CVE-2024-31080

DLA-3787-1

DSA-5657-1

OESA-2024-1416

OESA-2024-1548

OESA-2024-1556

OESA-2024-1557

RHSA-2024:1785

RHSA-2024:2036

RHSA-2024:2037

RHSA-2024:2038

RHSA-2024:2039

RHSA-2024:2040

RHSA-2024:2041

RHSA-2024:2042

RHSA-2024:2080

RHSA-2024:2616

RHSA-2024:3258

RHSA-2024:3261

RHSA-2024:3343

RHSA-2024:9093

RHSA-2024:9122

RHSA-2025:12751

SUSE-SU-2024:1199-1

SUSE-SU-2024:1260-1

SUSE-SU-2024:1261-1

SUSE-SU-2024:1262-1

SUSE-SU-2024:1264-1

SUSE-SU-2024:1265-1

SUSE-SU-2024:2776-1

UBUNTU-CVE-2024-31080

USN-6721-1

openSUSE-SU-2024:13828-1

openSUSE-SU-2024:13829-1

Related

Published

2024-04-04T14:15:10Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

Affected packages