Unrated severityNVD Advisory· Published Oct 25, 2018· Updated Aug 5, 2024
CVE-2018-14665
CVE-2018-14665
Description
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Affected products
10- osv-coords10 versionspkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
< 1.20.13-1.2+ 9 more
- (no CPE)range: < 1.20.13-1.2
- (no CPE)range: < 1.19.6-8.3.2
- (no CPE)range: < 1.19.6-8.3.2
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 7.4-27.122.21.1
- (no CPE)range: < 1.19.6-8.3.2
Patches
350c0cf885a6e971d418113748a59e3b7dbb3Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
20- www.exploit-db.com/exploits/45697/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/45742/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/45832/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/45908/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/45922/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/45938/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/46142/mitreexploitx_refsource_EXPLOIT-DB
- access.redhat.com/errata/RHSA-2018:3410mitrevendor-advisoryx_refsource_REDHAT
- security.gentoo.org/glsa/201810-09mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3802-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2018/dsa-4328mitrevendor-advisoryx_refsource_DEBIAN
- packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/105741mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1041948mitrevdb-entryx_refsource_SECTRACK
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330emitrex_refsource_CONFIRM
- gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170mitrex_refsource_CONFIRM
- lists.x.org/archives/xorg-announce/2018-October/002927.htmlmitremailing-listx_refsource_MLIST
- www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.