
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A heap-based buffer over-read vulnerability (CVE-2024-31082) was discovered in the X.org server's ProcAppleDRICreatePixmap() function. The vulnerability was introduced in xorg-server-1.12.0 (2012) and has been fixed in xorg-server-21.1.12. The issue occurs when byte-swapped length values are used in replies, specifically when the request is made by a client whose endianness differs from the X server's. The vulnerability is specific to the XQuartz server for macOS and is not present in Xwayland, Xorg, or other X servers (X.Org Advisory).
The vulnerability exists in the ProcAppleDRICreatePixmap() function, which, when the client has a different endianness than the X server, uses the already byte-swapped length of the return data as the amount of data to return to the client. The issue has been assigned a CVSS v3.1 Base Score of 7.3 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H). The vulnerability is classified as CWE-126 (Buffer Over-read) (NVD).
When exploited, this vulnerability could allow an attacker to cause the X server to read heap memory values and transmit them back to the client until it encounters an unmapped page, resulting in a crash. The attacker cannot control which memory is copied into the replies, but because the length is byte-swapped inside a 32-bit integer, a small length value becomes a very large one, so the server attempts a correspondingly large out-of-bounds read (X.Org Advisory).
The vulnerability has been patched in xorg-server-21.1.12. Additionally, administrators can disable support for byte-swapped clients with the -byteswappedclients command-line option, or by adding a configuration file in /etc/X11/xorg.conf.d/ with the option 'AllowByteSwappedClients' set to 'False'. A subsequent fix was released in xorg-server-21.1.13 to address a double-free issue introduced by the initial patch (OSS Security).
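To make the byte-swap mechanism concrete, here is a small added example (not code from the X.org server or from this advisory) that models the flawed ordering in a simplified, hypothetical reply header: the 32-bit length is swapped for the wire and then reused as the number of payload bytes to send. The hardened variant takes the host-order count before swapping and never derives a memory-operation size from a wire-order field. The functions only return the byte count they would use, so nothing is actually read out of bounds; `reply_header_t`, `swap32` and the `bytes_to_send_*` names are assumptions for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for an X reply header: a 32-bit
 * length field that travels on the wire in the client's byte order. */
typedef struct {
    uint32_t length;   /* payload length in bytes (simplified) */
} reply_header_t;

/* Byte-swap a 32-bit value, as the server does for a client whose
 * endianness differs from its own. */
uint32_t swap32(uint32_t v)
{
    return ((v & 0x000000FFu) << 24) | ((v & 0x0000FF00u) << 8) |
           ((v & 0x00FF0000u) >> 8)  | ((v & 0xFF000000u) >> 24);
}

/* Flawed ordering (the pattern the advisory describes): the header is
 * swapped for the wire first, and the already-swapped field is then
 * reused as the number of payload bytes to copy. For a byte-swapped
 * client a length of 32 becomes 0x20000000. */
size_t bytes_to_send_flawed(uint32_t payload_len, int client_swapped)
{
    reply_header_t rep = { payload_len };
    if (client_swapped)
        rep.length = swap32(rep.length);   /* wire representation */
    return rep.length;                     /* BUG: wire-order value used as a count */
}

/* Hardened ordering: capture the host-order count before the header is
 * swapped; the swapped field is used only for what goes on the wire. */
size_t bytes_to_send_fixed(uint32_t payload_len, int client_swapped)
{
    size_t n = payload_len;                /* host-order count, taken first */
    reply_header_t rep = { payload_len };
    if (client_swapped)
        rep.length = swap32(rep.length);   /* wire representation only */
    (void)rep;                             /* would be written to the socket here */
    return n;
}

/* Defensive check a reply writer can apply regardless of ordering:
 * does the requested count exceed the payload actually allocated? */
int would_overread(size_t requested, size_t payload_len)
{
    return requested > payload_len;
}

int main(void)
{
    const uint32_t len = 32;               /* constructed sample payload length */
    size_t flawed = bytes_to_send_flawed(len, 1);
    size_t fixed  = bytes_to_send_fixed(len, 1);
    printf("payload %u bytes, swapped client: flawed count=%zu fixed count=%zu\n",
           len, flawed, fixed);
    printf("flawed path would over-read: %s\n",
           would_overread(flawed, len) ? "yes" : "no");
    return 0;
}
```

The point of the check at the end is that a reply writer which compares the requested count against the size it actually allocated catches this class of bug even when the swap ordering is wrong, which is the cheap mitigation to look for when reviewing similar reply-building code.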
Source: This report was generated using AI