Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 942465 (CVE-2024-9632) - <x11-base/xwayland-24.1.4, <x11-base/xorg-server-21.1.14: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
Summary: <x11-base/xwayland-24.1.4, <x11-base/xorg-server-21.1.14: Heap-based buffer o...
Status: RESOLVED FIXED
Alias: CVE-2024-9632
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://lists.x.org/archives/xorg-ann...
Whiteboard: B1 [stable glsa+]
Keywords:
Depends on: 942570 942571 944970
Blocks:
  Show dependency tree
 
Reported: 2024-10-29 17:55 UTC by Christopher Fore
Modified: 2024-11-26 06:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2024-10-29 17:55:07 UTC
CVE-2024-9632:

The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer.

However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`.

This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).



The above is fixed in:
x11-base/xwayland: 24.1.4
x11-base/xorg-server: 21.1.14
Comment 1 Larry the Git Cow gentoo-dev 2024-10-30 01:48:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72261e947621455a03db89d1aa060be54db21227

commit 72261e947621455a03db89d1aa060be54db21227
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-10-30 01:42:46 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-10-30 01:45:27 +0000

    x11-base/xorg-server: Version bump to 21.1.14
    
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                   |   1 +
 x11-base/xorg-server/xorg-server-21.1.14.ebuild | 195 ++++++++++++++++++++++++
 2 files changed, 196 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd8904d352fb971fc3d1c9fb78e2b54f0c572c82

commit bd8904d352fb971fc3d1c9fb78e2b54f0c572c82
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-10-30 01:40:43 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-10-30 01:40:51 +0000

    x11-base/xwayland: Version bump to 24.1.4
    
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   1 +
 x11-base/xwayland/xwayland-24.1.4.ebuild | 133 +++++++++++++++++++++++++++++++
 2 files changed, 134 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-11-06 01:22:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d79b2d4b8afe72c02518708d428ec96fe80b3dd1

commit d79b2d4b8afe72c02518708d428ec96fe80b3dd1
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-11-06 01:18:05 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-11-06 01:21:39 +0000

    x11-base/xorg-server: Drop old versions
    
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                      |   1 -
 .../files/xorg-server-21.1.10-fix-c99-32bit.patch  |  54 ------
 x11-base/xorg-server/xorg-server-21.1.13-r1.ebuild | 197 ---------------------
 3 files changed, 252 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-11-17 09:49:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9d38db782e6834a127a554309f114f6784c9e3bf

commit 9d38db782e6834a127a554309f114f6784c9e3bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-17 09:49:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-17 09:49:37 +0000

    [ GLSA 202411-08 ] X.Org X server, XWayland: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/928531
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-08.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2024-11-17 12:51:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6802a1eef6251b412a39824a80bb85273a24ad4

commit b6802a1eef6251b412a39824a80bb85273a24ad4
Author:     Viorel Munteanu <ceamac@gentoo.org>
AuthorDate: 2024-11-17 12:49:46 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2024-11-17 12:51:14 +0000

    net-misc/tigervnc: update xorg-server sources
    
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-misc/tigervnc/Manifest                                              | 1 +
 .../tigervnc/{tigervnc-1.14.1-r1.ebuild => tigervnc-1.14.1-r2.ebuild}   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
Comment 5 Larry the Git Cow gentoo-dev 2024-11-25 19:02:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bc91a98f74717368bddd63539d7b4e06d7934c0

commit 9bc91a98f74717368bddd63539d7b4e06d7934c0
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-11-25 19:01:24 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-11-25 19:02:18 +0000

    x11-base/xwayland: Drop old versions
    
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   2 -
 x11-base/xwayland/xwayland-24.1.2.ebuild | 133 -------------------------------
 x11-base/xwayland/xwayland-24.1.3.ebuild | 133 -------------------------------
 3 files changed, 268 deletions(-)