Commit 26120df7 authored by Matthieu Herrb, committed by José Expósito

xkb: Fix buffer overflow in _XkbSetCompatMap()


The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer.

However, it didn't update its size properly. It updated `num_si` only,
without updating `size_si`.

This may lead to local privilege escalation if the server is run as root
or remote code execution (e.g. x11 over ssh).

CVE-2024-9632, ZDI-CAN-24756

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: José Expósito <jexposit@redhat.com>
(cherry picked from commit 85b77657)

Part-of: <!1735>
parent 113245b1
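
A simplified model of the bookkeeping problem the commit message describes, as an added example that is not the X server's code: the struct, the demo-only `alloc_elems` field, the function names and the starting state are assumptions made for illustration. It resizes a buffer while updating `num_si` only, then does the same while keeping `size_si` in step, and checks whether the recorded sizes still match the real allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (assumption); not the X server's data structure. */
typedef struct { int sym; } si_rec;
typedef struct {
    si_rec  *sym_interpret;  /* heap buffer */
    unsigned num_si;         /* entries in use */
    unsigned size_si;        /* entries the code believes are allocated */
    unsigned alloc_elems;    /* demo-only: entries really allocated */
} compat_map;

/* Before: the buffer is resized but only num_si is updated. */
static int resize_buggy(compat_map *m, unsigned want) {
    if (want <= m->num_si) return 0;
    si_rec *p = realloc(m->sym_interpret, want * sizeof *p);
    if (!p) return -1;
    m->sym_interpret = p; m->alloc_elems = want;
    m->num_si = want;                    /* size_si is left stale */
    return 0;
}

/* After: grow only past the recorded capacity, update both fields. */
static int resize_fixed(compat_map *m, unsigned want) {
    if (want > m->size_si) {
        si_rec *p = realloc(m->sym_interpret, want * sizeof *p);
        if (!p) return -1;
        m->sym_interpret = p; m->alloc_elems = want;
        m->size_si = want;
    }
    if (want > m->num_si) m->num_si = want;
    return 0;
}

/* 1 if the bookkeeping matches the allocation after the resize, else 0
 * (-1 if the initial allocation fails). */
static int check(int (*resize)(compat_map *, unsigned), unsigned want) {
    compat_map m = { calloc(8, sizeof(si_rec)), 2, 8, 8 };  /* constructed state */
    if (!m.sym_interpret) return -1;
    int ok = resize(&m, want) == 0 &&
             m.num_si <= m.size_si && m.size_si <= m.alloc_elems;
    free(m.sym_interpret);
    return ok;
}

int main(void) {
    printf("buggy, want=4:  %d\n", check(resize_buggy, 4));
    printf("fixed, want=4:  %d\n", check(resize_fixed, 4));
    printf("fixed, want=16: %d\n", check(resize_fixed, 16));
    return 0;
}
```

In the buggy variant any later code that bounds-checks against `size_si` is working from a value that no longer describes the buffer, which is the invariant a reviewer or a unit test should pin down for every resize path.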