CVE-2024-31081

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

Database specific

{
    "cna_assigner": "redhat",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31081.json",
    "cwe_ids": [
        "CWE-126"
    ]
}

References

Affected packages

Git / gitlab.freedesktop.org/xorg/xserver

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/xorg/xserver

Events

Introduced

Last affected

4257023c1e40387aff096d5f00d746d3f7a521b4

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0"
        }
    ]
}

Affected versions

Other

DRI-XFree86-4_3_99_12-merge

DRI-trunk-20040613

DRI-trunk-20040721

DRM-1_0_5

DRM-20040613

DRM-20040721

DRM-20050615

DRM-20051017

DRM-2_0_0

Domain-base

Domain-sync1

Domain-sync2

Domain-sync3

Domain-sync4

MODULAR_COPY

PRE_xf86-4_3_0_1

XACE-SELINUX-MERGE

XORG-6_7_99_1

XORG-6_7_99_2

XORG-6_7_99_901

XORG-6_7_99_902

XORG-6_7_99_903

XORG-6_7_99_904

XORG-6_8_0

XORG-6_8_99_1

XORG-6_8_99_10

XORG-6_8_99_11

XORG-6_8_99_12

XORG-6_8_99_13

XORG-6_8_99_14

XORG-6_8_99_15

XORG-6_8_99_16

XORG-6_8_99_2

XORG-6_8_99_3

XORG-6_8_99_4

XORG-6_8_99_5

XORG-6_8_99_6

XORG-6_8_99_7

XORG-6_8_99_8

XORG-6_8_99_9

XORG-6_8_99_900

XORG-6_8_99_901

XORG-6_8_99_902

XORG-6_8_99_903

XORG-6_99_99_900

XORG-6_99_99_901

XORG-6_99_99_902

XORG-6_99_99_903

XORG-6_99_99_904

XORG-7_0

XORG-7_0_99_901

XORG-MAIN

add-Xi

ah-20021030

ah-20021030-postdri

before-mesa-4_0-import

dhd-20010328

dhd-20010817

dhd-20020916

dri-0-1-branchpoint

dri-20020129-merge

dri-20020222-merge

kdrive-initial-import

keithp

lg3d-base

pre-R651-import

pre-xgldrop-merge

sco_port_update-base

xf-3_9_16Z

xf-3_9_16Za

xf-3_9_16d

xf-3_9_16e

xf-3_9_16f

xf-3_9_17

xf-3_9_17Z

xf-3_9_17a

xf-3_9_17b

xf-3_9_17c

xf-3_9_17d

xf-3_9_17e

xf-3_9_17f

xf-3_9_18

xf-3_9_18Z

xf-3_9_18Za

xf-3_9_18a

xf-3_9_18b

xf-4_0

xf-4_0-bindist

xf-4_0Z

xf-4_0_1

xf-4_0_1-bindist

xf-4_0_1Z

xf-4_0_1Za

xf-4_0_1Zb

xf-4_0_1Zc

xf-4_0_1a

xf-4_0_1b

xf-4_0_1c

xf-4_0_1d

xf-4_0_1e

xf-4_0_1f

xf-4_0_1g

xf-4_0_1h

xf-4_0_2

xf-4_0_2-bindist

xf-4_0_99_1

xf-4_0_99_2

xf-4_0_99_3

xf-4_0_99_900

xf-4_0a

xf-4_0b

xf-4_0c

xf-4_0d

xf-4_0e

xf-4_0f

xf-4_0g

xf-4_1_99_1

xf-4_1_99_2

xf-4_1_99_3

xf-4_1_99_4

xf-4_1_99_5

xf-4_1_99_6

xf-4_1_99_7

xf-4_2-bp

xf-4_2_0

xf-4_2_0-bindist

xf-4_2_0-bindist-1

xf-4_2_0_1

xf-4_2_1

xf-4_2_1_1

xf-4_2_99_1

xf-4_2_99_2

xf-4_2_99_3

xf-4_2_99_4

xf-4_2_99_901

xf-4_2_99_902

xf-4_3_0

xf-4_3_0_1

xf-4_3_99_1

xf-4_3_99_2

xf-4_3_99_3

xf-4_3_99_4

xf-4_3_99_5

xf-4_3_99_6

xf86-012804-2330

xf86-4_3_0_1

xf86-4_3_99_16

xf86-4_3_99_901

xf86-4_3_99_902

xf86-4_3_99_903

xf86-4_3_99_903_special

xf86-4_4_0

xf86-4_4_99_1

xfixes_2_branchpoint

xorg-server-0_99_1

xorg-server-1_0_99_1

xorg-server-1_0_99_2

xorg-server-1_0_99_901

xorg-server-1_1_99_1

xorg-server-1_1_99_2

xorg-server-1.*

xorg-server-1.1.99.3

xorg-server-1.5.99.1

xorg-server-1.6.99.900

xorg-server-1.6.99.901

xorg-server-1.6.99.902

xorg-server-1.6.99.903

xorg-server-1.7.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31081.json"