xorg announce - Oct 2024 - X.Org Security Advisory: Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4

X.Org Security Advisory: October 29, 2024

Issues in X.Org X server prior to 21.1.14 and Xwayland prior to 24.1.4
=======================================================================
An issue has been found in the X server and Xwayland implementations
published by X.Org for which we are releasing security fixes for in
xorg-server-21.1.14 and xwayland-24.1.4.

1) CVE-2024-9632 can be triggered by providing a modified bitmap to the
X.Org server.

------------------------------------------------------------------------

1) CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap

Introduced in: xorg-server-1.1.1 (2006)
Fixed in: xorg-server-21.1.14 and xwayland-24.1.4
Fix:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/85b776571487f52e756f68a069c768757369bfe3
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.

However, It didn't update its size properly. It updated `num_si` only,
without updating `size_si`.

This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).

xorg-server-21.1.14 and xwayland-24.1.4 have been patched to fix this issue.

------------------------------------------------------------------------

X.Org thanks all of those who reported and fixed these issues, and those
who helped with the review and release of this advisory and these fixes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.x.org/archives/xorg-announce/attachments/20241029/44a87fdb/attachment.htm>