X.Org Security Advisory: October 29, 2024 Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4 ========================================================================
An issue has been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.14 and xwayland-24.1.4. 1) CVE-2024-9632 can be triggered by providing a modified bitmap to the X.Org server. ------------------------------------------------------------------------ 1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap Introduced in: xorg-server-1.1.1 (2006) Fixed in: xorg-server-21.1.14 and xwayland-24.1.4 Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3 Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh). xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue. ------------------------------------------------------------------------ X.Org thanks all of those who reported and fixed these issues, and those who helped with the review and release of this advisory and these fixes.
