fkie_nvd - fkie_cve-2024-9632

fkie_cve-2024-9632

Vulnerability from fkie_nvd

Published

2024-10-30 08:15

Modified

2025-08-04 21:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:10090
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:8798
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9540
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9579
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9601
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9690
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9816
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9818
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9819
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9820
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:9901
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:12751
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7163
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7165
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7458
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-9632
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2317233
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/20
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/10/29/2
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges."
    },
    {
      "lang": "es",
      "value": " Se encontr\u00f3 un fallo en el servidor X.org. Debido a que el tama\u00f1o de asignaci\u00f3n no se rastrea correctamente en _XkbSetCompatMap, un atacante local podr\u00eda desencadenar una condici\u00f3n de desbordamiento de b\u00fafer a trav\u00e9s de un payload especialmente manipulado, lo que provocar\u00eda una denegaci\u00f3n de servicio o una escalada de privilegios locales en distribuciones donde el servidor X.org se ejecuta con privilegios de root."
    }
  ],
  "id": "CVE-2024-9632",
  "lastModified": "2025-08-04T21:15:29.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-30T08:15:04.830",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:10090"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:8798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9540"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9579"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9601"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9690"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9816"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9818"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9819"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9820"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9901"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:12751"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:7163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:7165"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:7458"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-9632"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/10/29/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-9632 (GCVE-0-2024-9632)

Vulnerability from cvelistv5

Published

2024-10-30 07:42

Modified

2025-08-04 21:04

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:10090	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8798	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9540	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9579	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9601	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9690	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9816	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9818	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9819	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9820	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:9901	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:12751	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7163	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7165	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7458	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-9632	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2317233	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Version: 1.1.1 ≤

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 0:24.1.5-3.el10_0 < * cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION	Unaffected: 0:1.1.0-25.el6_10.13 < * cpe:/o:redhat:rhel_els:6
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:1.8.0-34.el7_9 < * cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.20.11-25.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:21.1.3-17.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:1.13.1-14.el8_10 < * cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:1.9.0-15.el8_2.12 < * cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:1.11.0-8.el8_4.11 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:1.11.0-8.el8_4.11 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:1.11.0-8.el8_4.11 < * cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:1.12.0-6.el8_6.12 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:1.12.0-6.el8_6.12 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:1.12.0-6.el8_6.12 < * cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:1.12.0-15.el8_8.11 < * cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:1.14.1-1.el9_5 < * cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:1.20.11-28.el9_6 < * cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:23.2.7-3.el9_6 < * cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:1.11.0-22.el9_0.12 < * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:1.12.0-14.el9_2.9 < * cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:1.13.1-8.el9_4.4 < * cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Show details on NVD website