{"id":"CVE-2024-0229","details":"An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.","modified":"2026-03-13T07:48:56.493107Z","published":"2024-02-09T07:16:00.107Z","related":["ALSA-2024:0557","ALSA-2024:0607","ALSA-2024:2169","ALSA-2024:2170","ALSA-2024:2995","ALSA-2024:2996","CGA-6rgr-pcp3-3ph9","MGASA-2024-0022","SUSE-SU-2024:0109-1","SUSE-SU-2024:0111-1","SUSE-SU-2024:0114-1","SUSE-SU-2024:0116-1","SUSE-SU-2024:0121-1","SUSE-SU-2024:0165-1","openSUSE-SU-2024:13597-1","openSUSE-SU-2024:13598-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2995"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-0229"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0617"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0621"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0629"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0614"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2170"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12751"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0557"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0597"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0607"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2169"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2996"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0558"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0626"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256690"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"21.1.11"}]},{"events":[{"introduced":"0"},{"fixed":"23.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0229.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}