FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg server -- _XkbSetCompatMap vulnerability

Affected packages
	xorg-server	<	21.1.14,1
	xwayland	<	24.1.4,1

Details

VuXML ID	141f2a22-a6a7-11ef-b282-0c9d92850f7a
Discovery	2024-10-29
Entry	2024-11-19

The X.Org project reports:

CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege escalation in _XkbSetCompatMap
The _XkbSetCompatMap() function attempts to resize the `sym_interpret` buffer. However, It didn't update its size properly. It updated `num_si` only, without updating `size_si`. This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).

[source]

References

CVE Name	CVE-2024-9632
URL	https://lists.x.org/archives/xorg-announce/2024-October/003545.html