CVE-2024-9632

Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

Se encontró un fallo en el servidor X.org. Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición de desbordamiento de búfer a través de un payload especialmente manipulado, lo que provocaría una denegación de servicio o una escalada de privilegios locales en distribuciones donde el servidor X.org se ejecuta con privilegios de root.

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of XkbSetCompatMap requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

*Credits: Jan-Niklas Sohn

CVSS Scores

Red Hatv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-10-08 CVE Reserved
2024-10-30 CVE Published
2024-11-14 EPSS Updated
2024-11-21 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow

CAPEC

References (13)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-9632	2024-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=2317233	2024-10-30
https://access.redhat.com/errata/RHSA-2024:10090	2024-11-21
https://access.redhat.com/errata/RHSA-2024:8798	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9540	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9579	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9601	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9690	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9816	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9818	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9819	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9820	2024-11-21
https://access.redhat.com/errata/RHSA-2024:9901	2024-11-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-