X.org: heap-based buffer overflow (CVE-2024-9632) #shorts #breaking
CVE
This CVE highlights a critical vulnerability in the X.org server, specifically a heap-based buffer overflow. This issue, identified as a zero-day, is caused by incorrect tracking of allocation size in a function called _XkbSetCompatMap. If exploited, a local attacker could use a crafted payload to disrupt the service or escalate privileges, especially in systems where the X.org server operates with root access. Despite the recent discovery of this flaw, no specific attacker or tools have been identified.
Watch the full video on YouTube: CVE-2024-9632
Remediation and exploitation details
This chain involves the following actors
This following systems are involved
Attack entry point
Remediation actions
Exploitation actions
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://access.redhat.com/errata/RHSA-2024:10090
- https://access.redhat.com/errata/RHSA-2024:8798
- https://access.redhat.com/errata/RHSA-2024:9540
- https://access.redhat.com/errata/RHSA-2024:9579
- https://access.redhat.com/errata/RHSA-2024:9601
- https://access.redhat.com/errata/RHSA-2024:9690
- https://access.redhat.com/errata/RHSA-2024:9816
- https://access.redhat.com/errata/RHSA-2024:9818
- https://access.redhat.com/errata/RHSA-2024:9819
- https://access.redhat.com/errata/RHSA-2024:9820
- https://access.redhat.com/errata/RHSA-2024:9901
- https://access.redhat.com/security/cve/CVE-2024-9632
- https://bugzilla.redhat.com/show_bug.cgi?id=2317233
CVE database technical details
CVE ID
CVE-2024-9632
Description
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
Provider
redhat
CWE / problem types
Heap-based Buffer Overflow
Affected Software Versions
None:None:[{'status': 'affected', 'version': '1.1.1', 'lessThan': '21.1.14', 'versionType': 'semver'}],Red Hat:Red Hat Enterprise Linux 7 Extended Lifecycle Support:[{'version': '0:1.8.0-34.el7_9', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8:[{'version': '0:1.20.11-25.el8_10', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8:[{'version': '0:21.1.3-17.el8_10', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8:[{'version': '0:1.13.1-14.el8_10', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.2 Advanced Update Support:[{'version': '0:1.9.0-15.el8_2.12', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:[{'version': '0:1.11.0-8.el8_4.11', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.4 Telecommunications Update Service:[{'version': '0:1.11.0-8.el8_4.11', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions:[{'version': '0:1.11.0-8.el8_4.11', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:[{'version': '0:1.12.0-6.el8_6.12', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.6 Telecommunications Update Service:[{'version': '0:1.12.0-6.el8_6.12', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:[{'version': '0:1.12.0-6.el8_6.12', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 8.8 Extended Update Support:[{'version': '0:1.12.0-15.el8_8.11', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 9:[{'version': '0:1.14.1-1.el9_5', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:[{'version': '0:1.11.0-22.el9_0.12', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 9.2 Extended Update Support:[{'version': '0:1.12.0-14.el9_2.9', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 9.4 Extended Update Support:[{'version': '0:1.13.1-8.el9_4.4', 'lessThan': '*', 'versionType': 'rpm', 'status': 'unaffected'}],Red Hat:Red Hat Enterprise Linux 6:None,Red Hat:Red Hat Enterprise Linux 6:None,Red Hat:Red Hat Enterprise Linux 7:None,Red Hat:Red Hat Enterprise Linux 9:None,Red Hat:Red Hat Enterprise Linux 9:None
Date Published
2024-10-30T07:42:35.320Z
Last Updated
2024-12-26T14:22:23.947Z