CVE-2020-14360

7.8 HIGH

📋 TL;DR

This vulnerability in X.Org Server allows attackers to execute arbitrary code with elevated privileges by exploiting an out-of-bounds memory access in the XkbSetMap function. It affects systems running X.Org Server before version 1.20.10, potentially leading to full system compromise. The primary risk is to systems with graphical interfaces where X.Org Server is running.

💻 Affected Systems

Products:
  • X.Org Server
  • Linux distributions with X11 graphical environments
Versions: All versions before 1.20.10
Operating Systems: Linux distributions with X.Org Server (RHEL, CentOS, Fedora, Ubuntu, Debian, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with X.Org Server running. Systems without graphical interfaces or using Wayland instead of X11 are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root privileges, allowing complete control over the system, data theft, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation from a standard user account to root, enabling installation of malware, data exfiltration, or lateral movement.

🟢 If Mitigated

Limited impact if the system is patched, uses SELinux/AppArmor with strict policies, or runs without X.Org Server.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring access to the X server, which typically isn't directly internet-exposed.
🏢 Internal Only: HIGH - Internal attackers with user-level access can exploit this to gain root privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the X server. Proof-of-concept code exists in security advisories and requires understanding of X11 protocol manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.20.10 or later

Vendor Advisory: https://lists.x.org/archives/xorg-announce/2020-December/003066.html

Restart Required: Yes

Instructions:

1. Update the X.Org Server package using your distribution's package manager.
2. For RHEL/CentOS: 'yum update xorg-x11-server'
3. For Ubuntu/Debian: 'apt update && apt install xserver-xorg-core'
4. Restart the X server or reboot the system.

🔧 Temporary Workarounds

Disable Xkb extension

Platform: linux

Disable the X keyboard extension, which contains the vulnerable function:

  • Add 'Option "AutoAddDevices" "false"' to xorg.conf
  • Add 'Option "AllowEmptyInput" "false"' to xorg.conf

Use Wayland instead of X11

Platform: linux

Switch to the Wayland display server protocol, which is not affected:

  • Set the WAYLAND_DISPLAY environment variable
  • Configure the display manager to use Wayland

🧯 If You Can't Patch

  • Implement strict access controls to limit who can connect to the X server
  • Use mandatory access control systems like SELinux or AppArmor with strict policies for X.Org Server

🔍 How to Verify

Check if Vulnerable:

Check X.Org Server version with: Xorg -version 2>&1 | grep 'X.Org X Server'

Check Version:

Xorg -version 2>&1 | grep 'X.Org X Server' || echo 'X.Org Server not running'

Verify Fix Applied:

Verify version is 1.20.10 or later: Xorg -version 2>&1 | grep 'X.Org X Server'
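An added helper (not part of this advisory) that automates the version check above: it parses the 'X.Org X Server' banner from Xorg -version and compares the version numerically against 1.20.10, which a plain string or lexical sort would get wrong because "1.20.8" sorts after "1.20.10". The sample banners are constructed for offline demonstration.

```python
import re
import subprocess

# Version in which CVE-2020-14360 is fixed, per the advisory above.
FIXED_VERSION = (1, 20, 10)

# Matches the banner line printed by `Xorg -version`, e.g. "X.Org X Server 1.20.8"
VERSION_RE = re.compile(r"X\.Org X Server\s+(\d+)\.(\d+)\.(\d+)")


def parse_xorg_version(output: str):
    """Return (major, minor, patch) from Xorg -version output, or None if absent."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version) -> bool:
    """True when the upstream version predates the 1.20.10 fix (tuple compare, not string)."""
    return tuple(version) < FIXED_VERSION


def check_output(output: str) -> str:
    """Classify captured Xorg -version text as 'vulnerable', 'fixed' or 'unknown'."""
    v = parse_xorg_version(output)
    if v is None:
        return "unknown"  # no banner: X.Org not present or unrecognised format
    return "vulnerable" if is_vulnerable_version(v) else "fixed"


def check_local_xorg() -> str:
    """Run Xorg -version on this host; Xorg writes the banner to stderr, so merge both."""
    try:
        proc = subprocess.run(["Xorg", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return "not-installed"
    return check_output(proc.stdout + proc.stderr)


# Constructed sample banners (not real captures)
SAMPLE_OLD = "X.Org X Server 1.20.8\nX Protocol Version 11, Revision 0\n"
SAMPLE_NEW = "X.Org X Server 1.20.11\nX Protocol Version 11, Revision 0\n"
SAMPLE_MAJOR = "X.Org X Server 21.1.3\n"

if __name__ == "__main__":
    for s in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_MAJOR):
        print(s.splitlines()[0], "->", check_output(s))
    print("local host:", check_local_xorg())
```

Distribution packages (RHEL, Debian and others) often backport the fix without bumping the upstream version string, so treat a "vulnerable" result as a prompt to check the installed package's changelog for CVE-2020-14360 rather than as a final verdict.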

📡 Detection & Monitoring

Log Indicators:

  • X.Org Server crash logs
  • Segmentation faults in X server logs
  • Unusual XkbSetMap function calls

Network Indicators:

  • Unusual local X11 connections
  • Multiple failed X11 authentication attempts

SIEM Query:

source="xorg.log" AND ("segmentation fault" OR "XkbSetMap" OR "out of bounds")
