CVE-2024-21885

7.8 HIGH

Published: February 28, 2024 Modified: November 04, 2025

Description

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0320

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0557

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0558

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0597

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0607

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0614

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0617

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0621

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0626

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0629

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2169

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2170

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2995

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2996

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:12751

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-21885

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2256540

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0320

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0557

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0558

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0597

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0607

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0614

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0617

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0621

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0626

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0629

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2169

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2170

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2995

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2996

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2024-21885

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2256540

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240503-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.3%

49th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-122

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A