xkb: Fix buffer overflow in _XkbSetCompatMap() (!3) · Merge requests · José Expósito / xserver

José Expósito requested to merge master-CVE-2024-9632 into master Oct 29, 2024

The _XkbSetCompatMap() function attempts to resize the sym_interpret buffer.

However, It didn't update its size properly. It updated num_si only, without updating size_si.

This may lead to local privilege escalation if the server is run as root or remote code execution (e.g. x11 over ssh).

CVE-2024-9632, ZDI-CAN-24756

This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Reviewed-by: Peter Hutterer peter.hutterer@who-t.net Tested-by: Peter Hutterer peter.hutterer@who-t.net Reviewed-by: José Expósito jexposit@redhat.com

Admin message