CVE-2024-21886

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

How to fix CVE-2024-21886

To remediate CVE-2024-21886, upgrade the affected package to a fixed version below.

Debian/xorg-server—upgrade to 2:1.20.11-1+deb11u11 or later
Debian/xwayland—no fix listed

Is CVE-2024-21886 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2:1.20.11-1+deb11u11
from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-21886