CVE-2024-9632
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
References
- https://access.redhat.com/security/cve/CVE-2024-9632 x_refsource_REDHAT vdb-entry
- RHBZ#2317233 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html
- http://www.openwall.com/lists/oss-security/2024/10/29/2
- http://seclists.org/fulldisclosure/2024/Oct/20
- RHSA-2024:8798 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9579 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9601 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9540 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9690 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9816 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9818 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9819 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9820 x_refsource_REDHAT vendor-advisory
- RHSA-2024:9901 x_refsource_REDHAT vendor-advisory
- RHSA-2024:10090 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
- RHSA-2025:12751 x_refsource_REDHAT vendor-advisory
Affected products
tigervnc
- *
xorg-server
- <21.1.14
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *