X.Org Security Advisory: October 29, 2024
Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4
========================================================================
An issue has been found in the X server and Xwayland implementations
published by X.Org, for which we are releasing security fixes in
xorg-server-21.1.14 and xwayland-24.1.4.
1) CVE-2024-9632 can be triggered by providing a modified bitmap to the
X.Org server.
------------------------------------------------------------------------
1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.
However, it didn't update its size properly: it updated `num_si` only,
without updating `size_si`.
This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. X11 over SSH).
xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.
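The bookkeeping error described above, as an added example that is not part of the advisory or the X.Org source: a simplified C model in which a resize updates `num_si` but leaves `size_si` stale, next to the corrected form. The struct layout, the `real_cap` field, the function names and the 64/4/8 scenario are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (assumption): only the fields named in the advisory. */
typedef struct { unsigned char data[16]; } SymInterp; /* hypothetical entry */
typedef struct {
    SymInterp *sym_interpret; /* heap buffer */
    unsigned   num_si;        /* entries in use */
    unsigned   size_si;       /* entries the code believes are allocated */
    unsigned   real_cap;      /* demo-only: entries actually allocated */
} CompatMap;

/* Pre-fix pattern: the buffer is resized but only num_si is updated. */
static int resize_buggy(CompatMap *c, unsigned want) {
    if (want <= c->num_si) return 0;
    SymInterp *p = realloc(c->sym_interpret, want * sizeof(*p));
    if (!p) return -1;
    c->sym_interpret = p;
    c->num_si = want;
    c->real_cap = want;       /* size_si is left at its old value */
    return 0;
}

/* Corrected pattern: size_si is updated together with num_si. */
static int resize_fixed(CompatMap *c, unsigned want) {
    if (want <= c->num_si) return 0;
    SymInterp *p = realloc(c->sym_interpret, want * sizeof(*p));
    if (!p) return -1;
    c->sym_interpret = p;
    c->num_si = want;
    c->size_si = want;        /* recorded size matches the allocation */
    c->real_cap = want;
    return 0;
}

/* Entries that size_si claims exist but the allocation does not hold. */
static unsigned stale_slots(const CompatMap *c) {
    return c->size_si > c->real_cap ? c->size_si - c->real_cap : 0;
}

/* Constructed scenario: 64 slots allocated, 4 in use, resize to 8. */
static unsigned run_scenario(int (*resize)(CompatMap *, unsigned)) {
    CompatMap c = { calloc(64, sizeof(SymInterp)), 4, 64, 64 };
    if (!c.sym_interpret || resize(&c, 8) != 0) { free(c.sym_interpret); return ~0u; }
    unsigned gap = stale_slots(&c);
    free(c.sym_interpret);
    return gap;
}

int main(void) { printf("buggy=%u fixed=%u\n", run_scenario(resize_buggy), run_scenario(resize_fixed)); return 0; }
```

A nonzero result means any later code that treats `size_si` as the buffer's capacity would be working with a size larger than the real allocation.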
------------------------------------------------------------------------
X.Org thanks all of those who reported and fixed these issues, and those
who helped with the review and release of this advisory and these fixes.