A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
History

Tue, 26 Nov 2024 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:6

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6

Fri, 22 Nov 2024 12:00:00 +0000


Thu, 21 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Aus
Redhat rhel Els
Redhat rhel Tus
References

Sat, 16 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8

Thu, 14 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2

Wed, 13 Nov 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Wed, 13 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 05 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Mon, 04 Nov 2024 23:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Wed, 30 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Title xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Wed, 30 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
Title xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
Weaknesses CWE-122
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-30T07:42:35.320Z

Updated: 2024-11-26T17:23:37.430Z

Reserved: 2024-10-08T13:45:31.259Z

Link: CVE-2024-9632

cve-icon Vulnrichment

Updated: 2024-10-31T19:02:24.167Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-30T08:15:04.830

Modified: 2024-11-21T19:15:14.210

Link: CVE-2024-9632

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-29T00:00:00Z

Links: CVE-2024-9632 - Bugzilla