High severity7.8NVD Advisory· Published Feb 28, 2024· Updated Apr 15, 2026

CVE-2024-21886

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:0320nvd
access.redhat.com/errata/RHSA-2024:0557nvd
access.redhat.com/errata/RHSA-2024:0558nvd
access.redhat.com/errata/RHSA-2024:0597nvd
access.redhat.com/errata/RHSA-2024:0607nvd
access.redhat.com/errata/RHSA-2024:0614nvd
access.redhat.com/errata/RHSA-2024:0617nvd
access.redhat.com/errata/RHSA-2024:0621nvd
access.redhat.com/errata/RHSA-2024:0626nvd
access.redhat.com/errata/RHSA-2024:0629nvd
access.redhat.com/errata/RHSA-2024:2169nvd
access.redhat.com/errata/RHSA-2024:2170nvd
access.redhat.com/errata/RHSA-2024:2995nvd
access.redhat.com/errata/RHSA-2024:2996nvd
access.redhat.com/errata/RHSA-2025:12751nvd
access.redhat.com/security/cve/CVE-2024-21886nvd
bugzilla.redhat.com/show_bug.cginvd
lists.debian.org/debian-lts-announce/2024/01/msg00016.htmlnvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ2IJJDHJETNE76VUX4G7UI5EG5HYFEH/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000