CVE-2024-21886

7.8 HIGH

Published: February 28, 2024 Modified: November 04, 2025

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0320

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0557

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0558

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0597

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0607

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0614

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0617

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0621

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0626

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0629

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2169

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2170

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2995

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:2996

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:12751

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-21886

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2256542

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0320

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0557

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0558

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0597

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0607

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0614

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0617

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0621

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0626

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0629

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2169

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2170

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2995

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:2996

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2024-21886

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2256542

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ2IJJDHJETNE76VUX4G7UI5EG5HYFEH/

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.3%

49th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-122

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A