Medium severity6.6NVD Advisory· Published Oct 25, 2018· Updated Jun 17, 2026
CVE-2018-14665
CVE-2018-14665
Description
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- Range: <1.20.3
- osv-coords10 versionspkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
< 1.20.13-1.2+ 9 more
- (no CPE)range: < 1.20.13-1.2
- (no CPE)range: < 1.19.6-8.3.2
- (no CPE)range: < 1.19.6-8.3.2
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 1.19.6-8.3.2
Patches
Vulnerability mechanics
References
20- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330envdPatchThird Party Advisory
- gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170nvdPatchThird Party Advisory
- lists.x.org/archives/xorg-announce/2018-October/002927.htmlnvdMitigationPatchVendor Advisory
- www.exploit-db.com/exploits/45697/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45742/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45832/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45908/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45922/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/45938/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/46142/nvdExploitThird Party AdvisoryVDB Entry
- www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.htmlnvdExploitThird Party Advisory
- www.securityfocus.com/bid/105741nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041948nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:3410nvdThird Party Advisory
- security.gentoo.org/glsa/201810-09nvdThird Party Advisory
- usn.ubuntu.com/3802-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4328nvdThird Party Advisory
- packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.htmlnvd
- packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.htmlnvd
News mentions
0No linked articles in our index yet.