This is a cache of https://www.phoronix.com/news/X.Org-CVE-2024-9632. It is a snapshot of the page at 2024-10-30T01:13:17.522+0000.

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years - Phoronix

Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

Written by Michael Larabel in X.Org on 29 October 2024 at 01:47 PM EDT. 36 Comments

X.ORG

CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation.

Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland too. By providing a modified bitmap to the X.Org Server, a heap-based buffer overflow privilege escalation can occur.

This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly and can lead to local privilege escalation if the server is run as root or as a remote code execution with X11 over SSH.

The X.Org security advisory announcement can be read on the mailing list. The X.Org Server 21.1.4 and XWayland 24.1.4 releases fix the issue, which was discovered by the Trend Micro Zero Day Initiative. Trend Micro continues uncovering many X.Org security vulnerabilities over the years.

36 Comments

Related News

It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing

libX11 1.8.10 Brings Memory Safety Fixes

X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana

X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware

X.Org Testing Ground Toolkit v0.0.2 Adds NetBSD & FreeBSD Support

X.Org Testing Ground Toolkit: Making It Less Difficult To Compile The X Server In 2024

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted

Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia

Linus Torvalds Growing Frustrated By Buggy Hardware & Theoretical CPU Attacks

Some Clarity On The Linux Kernel's "Compliance Requirements" Around Russian Sanctions

Rust-Written Rustls Now Reportedly Outperforming OpenSSL & BoringSSL

Cloudflare Continues To Praise Open-Source OpenBMC

Bitwarden Makes Change To Address Recent Open-Source Concerns

Significant CRC32C Throughput Optimization On The Way To The Linux Kernel