PT-2024-7643 · X.Org · X.Org Server

Jan-Niklas Sohn · Published 2024-10-08 · Updated 2025-06-17 · CVE-2024-9632

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: X.Org Server versions prior to 21.1.14

Description: A flaw was found in the X.org server due to improperly tracked allocation size in XkbSetCompatMap, allowing a local attacker to trigger a buffer overflow condition via a specially crafted payload. This can lead to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. The issue is estimated to have been present for 18 years, affecting various Linux distributions and potentially other systems.

Recommendations: For X.Org Server versions prior to 21.1.14, update to version 21.1.14 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XkbSetCompatMap function until a patch is available. Additionally, ensure that the X.org server is not run with root privileges unless necessary, to minimize the risk of exploitation.

Fix · DoS · LPE · Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2024:10090
ALSA-2024:8798
ALSA-2024:9540
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2024-14929
ALT-PU-2024-14931
ALT-PU-2024-15500
ALT-PU-2024-15502
AZL-52026
AZL-52032
AZL-52035
BDU:2024-09084
CESA-2024_8798
CESA-2024_9540
CVE-2024-9632
DLA-3940-1
DSA-5800-1
INFSA-2024_10090
INFSA-2024_8798
INFSA-2024_9540
INFSA-2025_7163
INFSA-2025_7165
MGASA-2024-0357
OESA-2024-2352
OPENSUSE-SU-2024:14466-1
OPENSUSE-SU-2024:14467-1
OPENSUSE-SU-2024_3787-1
OPENSUSE-SU-2024_3788-1
OPENSUSE-SU-2024_3789-1
OPENSUSE-SU-2024_3790-1
OPENSUSE-SU-2024_3791-1
OPENSUSE-SU-2024_3866-1
RHSA-2024:10090
RHSA-2024:8798
RHSA-2024:9540
RHSA-2024:9579
RHSA-2024:9601
RHSA-2024:9690
RHSA-2024:9816
RHSA-2024:9818
RHSA-2024:9819
RHSA-2024:9820
RHSA-2024:9901
RHSA-2024_10090
RHSA-2024_8798
RHSA-2024_9540
RHSA-2025:12751
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_7163
RHSA-2025_7165
RLSA-2024:10090
RLSA-2024:8798
RLSA-2024:9540
ROSA-SA-2025-2575
ROSA-SA-2025-2576
ROSA-SA-2025-2871
SUSE-SU-2024:3786-1
SUSE-SU-2024:3787-1
SUSE-SU-2024:3788-1
SUSE-SU-2024:3789-1
SUSE-SU-2024:3790-1
SUSE-SU-2024:3791-1
SUSE-SU-2024:3866-1
SUSE-SU-2024:3867-1
SUSE-SU-2024_3786-1
SUSE-SU-2024_3787-1
SUSE-SU-2024_3788-1
SUSE-SU-2024_3791-1
SUSE-SU-2024_3866-1
SUSE-SU-2024_3867-1
USN-7085-1
USN-7085-2
ZDI-24-1453
ZDI-25-076

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org Server