CVE-2024-9632: xorg-x11-server Heap Overflow Privilege Escalation

Key Information Vulnerability Description CVE Number: CVE-2024-9632 Vulnerability Name: xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability Report Date: 2024-10-08 13:44 UTC Reporter: OSIDB Bzimport Last Modified: 2024-10-29 17:18 UTC Description: Due to improper tracking of allocated size in the function, a local attacker can trigger a buffer overflow condition by crafting a malicious payload, potentially leading to service denial or local privilege escalation. Vulnerability Impact Component: xorg-x11-server Version: Not specified Operating System: Linux Priority: High Severity: High Exploitation Environment: Some distributions (e.g., Debian XFCE running as root under specific display drivers) and SSH X11 forwarding environments. Virtual Environment: Does not work in VMware or default virtual machines, but works in virtual machines equipped with VBoxVGA graphics controller. Attachments Attachment Description: Detailed exploitation methods and impact analysis. Additional Information Reporter: Product Security DevOps Team Status: New Priority: High Severity: High Target Milestone: Not specified Dependencies: None Blocks: None Summary This vulnerability is a heap-based buffer overflow affecting the xorg-x11-server component, potentially leading to denial of service or local privilege escalation. It impacts Linux operating systems, with both priority and severity rated as high. The attachment provides detailed exploitation techniques and impact description.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9632: xorg-x11-server Heap Overflow Privilege Escalation