Description
A flaw was found in the X.org server. _XkbSetCompatMap, the handler for the XkbSetCompatMap protocol request, does not correctly track the size of a heap allocation it resizes, so a local attacker who can send a specially crafted request to the server may trigger a heap-based buffer overflow (CWE-122). The result is a denial of service or, on distributions where the X.org server runs with root privileges, local privilege escalation.
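To make "improperly tracked allocation size" concrete, the following is an added example and not code from the X.org server or from this advisory. It models a hypothetical growable record table whose in-use count and allocated capacity live in separate fields, a grow path that updates one but not the other, and a later consumer that trusts the capacity when sizing a copy. The struct, the field names num and size, the first/n request shape and the copy routine are all assumptions, and the sample inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the CWE-122 bug class behind CVE-2024-9632, not
 * xserver code: the struct, the field names num/size, the request shape
 * first/n and the copy consumer are all assumptions. It shows how a count
 * that drifts above the tracked capacity becomes a heap overflow later. */
typedef struct {
    uint32_t *ent;  /* heap array of fixed-size records */
    size_t num;     /* records logically in use */
    size_t size;    /* records actually allocated (capacity) */
} table_t;

static int table_init(table_t *t, size_t cap) {
    t->ent = calloc(cap, sizeof *t->ent);
    t->num = 0;
    t->size = cap;
    return (cap && !t->ent) ? -1 : 0;
}

static void table_free(table_t *t) { free(t->ent); t->ent = NULL; t->num = t->size = 0; }

/* Index and byte-count arithmetic must not wrap before either grow path. */
static bool request_fits(size_t first, size_t n) {
    return n <= SIZE_MAX - first && first + n <= SIZE_MAX / sizeof(uint32_t);
}

/* Vulnerable grow path: guards on the count, reallocates, records the new
 * length in num only. After this, num can exceed size. */
static int set_entries_buggy(table_t *t, size_t first, size_t n, const uint32_t *src) {
    if (!request_fits(first, n)) return -1;
    size_t needed = first + n;
    if (needed > t->num) {
        uint32_t *p = realloc(t->ent, needed * sizeof *p);
        if (!p) return -1;
        t->ent = p;
        t->num = needed;             /* BUG: t->size is left stale */
    }
    memcpy(t->ent + first, src, n * sizeof *src);
    return 0;
}

/* Fixed grow path: guard and bookkeeping both use the capacity, so
 * num <= size holds after every request. */
static int set_entries_fixed(table_t *t, size_t first, size_t n, const uint32_t *src) {
    if (!request_fits(first, n)) return -1;
    size_t needed = first + n;
    if (needed > t->size) {
        uint32_t *p = realloc(t->ent, needed * sizeof *p);
        if (!p) return -1;
        t->ent = p;
        t->size = needed;
    }
    if (needed > t->num) t->num = needed;
    memcpy(t->ent + first, src, n * sizeof *src);
    return 0;
}

/* Consumer that trusts the bookkeeping: allocate from the capacity, copy the
 * count. This memcpy is the heap overflow whenever num > size. */
static int copy_table(table_t *dst, const table_t *src) {
    if (table_init(dst, src->size) < 0) return -1;
    memcpy(dst->ent, src->ent, src->num * sizeof *src->ent);
    dst->num = src->num;
    return 0;
}

/* Two requests (the second grows past the initial capacity), then a copy.
 * Returns how many bytes copy_table() would write past dst's allocation;
 * 0 means the invariant held and the copy was performed and verified;
 * SIZE_MAX signals an allocation failure or a corrupted copy. */
static size_t run_sequence(bool fixed) {
    static const uint32_t a[2] = { 0x11, 0x22 };              /* constructed input */
    static const uint32_t b[4] = { 0x33, 0x44, 0x55, 0x66 };  /* constructed input */
    int (*set)(table_t *, size_t, size_t, const uint32_t *) =
        fixed ? set_entries_fixed : set_entries_buggy;
    table_t src, dst;
    size_t over;

    if (table_init(&src, 2) < 0) return SIZE_MAX;
    if (set(&src, 0, 2, a) < 0 || set(&src, 2, 4, b) < 0) { table_free(&src); return SIZE_MAX; }
    over = src.num > src.size ? (src.num - src.size) * sizeof *src.ent : 0;
    if (over == 0) {   /* safe to copy: do it and check the payload arrived */
        if (copy_table(&dst, &src) < 0 || dst.num != 6 || dst.ent[5] != 0x66) over = SIZE_MAX;
        table_free(&dst);
    }
    table_free(&src);
    return over;
}

int main(void) {
    printf("buggy bookkeeping: copy_table would write %zu bytes past the allocation\n",
           run_sequence(false));
    printf("fixed bookkeeping: overrun of %zu bytes\n", run_sequence(true));
    return 0;
}
```

run_sequence reports the overrun arithmetically so the program runs cleanly; building with -fsanitize=address and calling copy_table on the buggy table instead produces a 16-byte heap-buffer-overflow report at the memcpy. The property the fix enforces is the invariant num <= size after every mutating request, and the review check that follows from it is to find every write to either field and confirm the other is updated alongside it.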
References (20)
Mailing list: http://seclists.org/fulldisclosure/2024/Oct/20
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:10090
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:8798
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9540
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9579
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9601
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9690
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9816
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9818
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9819
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9820
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:9901
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2025:12751
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2025:7163
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2025:7165
Vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2025:7458
VDB entry (Red Hat): https://access.redhat.com/security/cve/CVE-2024-9632
Issue tracking (Red Hat): https://bugzilla.redhat.com/show_bug.cgi?id=2317233
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
17.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
Status
published
Products (22)
Red Hat/Red Hat Enterprise Linux 10
0:24.1.5-3.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
0:1.1.0-25.el6_10.13
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support
0:1.8.0-34.el7_9
Red Hat/Red Hat Enterprise Linux 8
0:1.13.1-14.el8_10
Red Hat/Red Hat Enterprise Linux 8
0:1.20.11-25.el8_10
Red Hat/Red Hat Enterprise Linux 8
0:21.1.3-17.el8_10
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:1.9.0-15.el8_2.12
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.11.0-8.el8_4.11
... and 12 more
Published
Oct 30, 2024
Tracked Since
Feb 18, 2026