Launchpad.net

CVE 2024-31083

A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

Related bugs and status

CVE-2024-31083 (Candidate) is related to these bugs:

Bug #2056331: [SRU] fix suspend/resume when there are no input devices

		In	Importance	Status
2056331	[SRU] fix suspend/resume when there are no input devices	xorg-server (Ubuntu)	Medium	Fix Released
2056331	[SRU] fix suspend/resume when there are no input devices	X.Org X server	Unknown	Fix Released
2056331	[SRU] fix suspend/resume when there are no input devices	xorg-server (Ubuntu Noble)	Medium	Fix Released
2056331	[SRU] fix suspend/resume when there are no input devices	xorg-server (Ubuntu Jammy)	Medium	Fix Committed
2056331	[SRU] fix suspend/resume when there are no input devices	xorg-server (Ubuntu Mantic)	Undecided	Fix Committed

Bug #2060354: Segfaults and assertion failures in Xorg's render/glyph.c

		In	Importance	Status
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xorg-server (Ubuntu)	High	Triaged
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	X.Org X server	Unknown	Fix Released
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xwayland (Ubuntu)	High	Triaged
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xorg-server (Ubuntu Noble)	High	Triaged
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xwayland (Ubuntu Noble)	High	Triaged
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xorg-server (Ubuntu Jammy)	High	Fix Released
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xwayland (Ubuntu Jammy)	High	Fix Released
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xorg-server (Ubuntu Mantic)	High	Fix Released
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xwayland (Ubuntu Mantic)	High	Fix Released
2060354	Segfaults and assertion failures in Xorg's render/glyph.c	xorg-server (Ubuntu Focal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2024-31083

Related bugs and status

Related bugs

References