X.Org X server
cpe:2.3:a:x:x.org-xserver:*:*:*:*:*:*:*
An integer underflow vulnerability has been identified in the X.Org X server, in its handling of the XKB compatibility map. An attacker with local or remote access to the X11 server can use it to trigger a buffer read overrun, a memory-safety violation that can crash the server (denial of service) or have more severe consequences depending on how X.Org or Xwayland is deployed.
The vulnerability can be reproduced by sending XKB requests that exploit the integer underflow in the compatibility map handling. This can be done locally or through remote X11 forwarding over SSH, without requiring user interaction.
To mitigate this vulnerability, restrict access to the X11 server. For remote access, disable X11 forwarding in SSH configurations if not needed. After updating the SSH configuration, restart the sshd service. Note that disabling X11 forwarding may affect remote graphical applications.
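The SSH-side mitigation above comes down to one sshd_config directive, `X11Forwarding`, which defaults to `no` in OpenSSH but is frequently switched on by distributions or admins. The script below is an added example, not code from the advisory, X.Org or OpenSSH; it assumes an OpenSSH-style sshd_config in which keyword names are case-insensitive, the first active value of a keyword wins in the global section, and `Match` blocks can override the global value (so a `Match` block can silently re-enable forwarding). It reports the current setting, rewrites every active directive to `no`, and exercises itself on a constructed sample file rather than touching a real host.

```shell
#!/bin/sh
# Added example, not code from the advisory, X.Org or OpenSSH.
# Assumptions: OpenSSH-style sshd_config; keyword names are case-insensitive;
# the first active value of a keyword wins in the global section; Match
# blocks override the global value; X11Forwarding defaults to "no".

# x11_forwarding_setting FILE
#   Prints the global X11Forwarding value found in FILE alone: the first
#   uncommented directive, lower-cased, or "no" when none is present.
#   Files pulled in by Include are not followed; `sshd -T` covers those.
x11_forwarding_setting() {
    val=$(sed -nE 's/^[[:space:]]*[Xx]11[Ff]orwarding[[:space:]]+([A-Za-z]+).*$/\1/p' "$1" | head -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val" | tr 'A-Z' 'a-z'
    else
        printf 'no\n'
    fi
}

# disable_x11_forwarding FILE
#   Rewrites FILE so that every active X11Forwarding directive, global or
#   inside a Match block, reads "X11Forwarding no" (indentation is kept).
#   If the file has no such directive, one is prepended so it lands in the
#   global section and not inside a trailing Match block.
disable_x11_forwarding() {
    cfg="$1"
    tmp="$cfg.tmp.$$"
    sed -E 's/^([[:space:]]*)[Xx]11[Ff]orwarding[[:space:]]+.*$/\1X11Forwarding no/' "$cfg" > "$tmp"
    if ! grep -Eq '^[[:space:]]*X11Forwarding no' "$tmp"; then
        { printf 'X11Forwarding no\n'; cat "$tmp"; } > "$tmp.2"
        mv "$tmp.2" "$tmp"
    fi
    mv "$tmp" "$cfg"
}

# Constructed sample config (not taken from any real host). Note the Match
# block that would re-enable forwarding for one user even if the global
# line were fixed by hand.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
# commented out, must be ignored: X11Forwarding yes
Port 22
X11Forwarding yes
Match User alice
    X11Forwarding yes
EOF

BEFORE=$(x11_forwarding_setting "$SAMPLE_CFG")
disable_x11_forwarding "$SAMPLE_CFG"
AFTER=$(x11_forwarding_setting "$SAMPLE_CFG")
echo "X11Forwarding before: $BEFORE, after: $AFTER"
```

On a real host the call is `disable_x11_forwarding /etc/ssh/sshd_config`, followed by `sshd -t` to validate the syntax, `sshd -T | grep -i x11forwarding` to confirm the effective value (this also accounts for files brought in by `Include`, which the script does not follow), and then a restart of the daemon (`systemctl restart sshd`, or `ssh` on Debian-derived systems where the unit is named differently).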