Summary: A critical vulnerability, tracked as CVE-2024-9632, has been identified in the X.Org Server, affecting numerous Linux and Unix-like systems for the past 18 years. This flaw could allow local attackers to execute arbitrary code, escalate privileges, or cause denial of service by exploiting a buffer overflow in the server’s keyboard compatibility handling function.
Threat Actor: Local attackers
Victim: X.Org Server users
Key Points:
- The vulnerability allows for potential Denial of Service (DoS), local privilege escalation, and remote code execution.
- Affected versions include all releases since 1.1.1 in 2006, impacting a wide range of systems.
- Patched versions (21.1.14 for X.Org Server and 24.1.4 for XWayland) have been released, and users are urged to update immediately.
- The flaw was discovered by researchers at the Trend Micro Zero Day Initiative and disclosed to the X.Org security team.

A high-severity vulnerability was found in the X.Org Server, the popular display server for Linux and other Unix-like operating systems. Tracked as CVE-2024-9632, this flaw has been lurking in the codebase for a staggering 18 years and could allow attackers to gain control of vulnerable systems.
The bug resides in the _XkbSetCompatMap() function, which is responsible for handling keyboard compatibility maps. Due to improper tracking of memory allocation size, a local attacker could exploit this vulnerability by sending a specially crafted payload to the server, triggering a buffer overflow condition.
This vulnerability could lead to:
- Denial of Service (DoS): The attacker could crash the X.Org Server, disrupting the graphical user interface and rendering the system unusable.
- Local Privilege Escalation: In distributions where the X.Org Server runs with root privileges, the attacker could gain elevated permissions, potentially taking complete control of the system.
- Remote Code Execution: If X11 forwarding is enabled over SSH, a remote attacker could potentially exploit this vulnerability to execute arbitrary code on the target system.
CVE-2024-9632 affects all versions of the X.Org Server since its 1.1.1 release in 2006, including XWayland. This means a vast number of Linux and Unix-like systems could be vulnerable.
The X.Org Foundation has released patched versions of the X.Org Server (21.1.14) and XWayland (24.1.4) to address this vulnerability. Users are strongly urged to update their systems to these latest versions immediately.
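A small triage helper, added here as an example and not part of the original article or the X.Org project, that compares an inventory of installed X.Org Server and XWayland versions against the fixed releases named above (21.1.14 and 24.1.4). The component names, the inventory format and the sample versions are assumptions; the check strips distribution epochs and packaging suffixes and compares numerically, so that 21.1.9 is correctly ranked below 21.1.14.

```python
import re

# Minimum fixed releases named in the advisory. The component keys are an
# assumption for this example, not names used by any particular distribution.
PATCHED_VERSIONS = {
    "xorg-server": (21, 1, 14),
    "xwayland": (24, 1, 4),
}


def parse_version(version):
    """Turn '21.1.14', '2:21.1.9-2ubuntu1' or '24.1.4+dfsg' into an int tuple.

    A Debian-style epoch ('2:') and any packaging suffix after '-', '+' or '~'
    are dropped so only the upstream dotted version is compared. Comparison is
    numeric per component: a plain string compare would rank '21.1.9' above
    '21.1.14', which is exactly the mistake this function avoids.
    """
    upstream = re.sub(r"^\d+:", "", version.strip())
    upstream = re.split(r"[-+~]", upstream, maxsplit=1)[0]
    if not re.fullmatch(r"\d+(?:\.\d+)*", upstream):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in upstream.split("."))


def is_patched(component, version):
    """True if the installed version is at or above the fixed release."""
    if component not in PATCHED_VERSIONS:
        raise KeyError(f"unknown component: {component!r}")
    return parse_version(version) >= PATCHED_VERSIONS[component]


def triage(installed):
    """Map {component: version} to a per-component status string."""
    report = {}
    for component, version in installed.items():
        fixed = ".".join(str(n) for n in PATCHED_VERSIONS[component])
        if is_patched(component, version):
            report[component] = "patched"
        else:
            report[component] = f"VULNERABLE (update to {fixed})"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; not collected from any real host.
    sample = {"xorg-server": "2:21.1.9-2ubuntu1", "xwayland": "24.1.4"}
    for component, status in triage(sample).items():
        print(f"{component}: {status}")
```

Distributions frequently backport security fixes without raising the upstream version number, so a VULNERABLE result from this check should be confirmed against the distribution's own advisory before it is treated as a finding.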
The vulnerability was discovered by researchers at the Trend Micro Zero Day Initiative and responsibly disclosed to the X.Org security team.