X.org Server Flaw Allows Buffer Overflow, Denial of Service or Privilege Escalation
CVE-2024-9632

7.8HIGH

Key Information:

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
30 October 2024

Summary

A flaw exists in the X.org server that stems from an improper handling of allocation size in the _XkbSetCompatMap function. This vulnerability allows a local attacker to potentially exploit this issue by sending a specially crafted payload, which could result in a buffer overflow condition. If successfully exploited, this vulnerability may lead to denial of service or enable local privilege escalation in environments where the X.org server operates with elevated permissions, specifically with root access. It is crucial for administrators to review their configurations and apply necessary security updates to mitigate the risks associated with this vulnerability.

References

https://access.redhat.com/errata/RHSA-2024:10090
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8798
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9540
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.