{"id":"CVE-2018-14665","details":"A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.","modified":"2026-04-16T06:19:42.389340633Z","published":"2018-10-25T20:29:00.250Z","related":["SUSE-SU-2018:3456-1","SUSE-SU-2018:3680-1","openSUSE-SU-2024:11525-1"],"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3802-1/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201810-09"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4328"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041948"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105741"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3410"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e"},{"type":"FIX","url":"https://lists.x.org/archives/xorg-announce/2018-October/002927.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45697/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46142/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45908/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45938/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45742/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45832/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45922/"},{"type":"EVIDENCE","url":"https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/xserver","events":[{"introduced":"0"},{"fixed":"971d418113740cae2d7d393850bad4926d1a7e86"},{"introduced":"0"},{"last_affected":"0d7ec5c7d9b451066a079fe56bcc9722341a91ff"},{"introduced":"0"},{"last_affected":"0d7ec5c7d9b451066a079fe56bcc9722341a91ff"},{"introduced":"0"},{"last_affected":"0d7ec5c7d9b451066a079fe56bcc9722341a91ff"},{"fixed":"50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e"},{"fixed":"8a59e3b7dbb30532a7c3769c555e00d7c4301170"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.20.3"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0"}]}}],"versions":["DRI-XFree86-4_3_99_12-merge","DRI-trunk-20040613","DRI-trunk-20040721","DRM-1_0_5","DRM-20040613","DRM-20040721","DRM-20050615","DRM-20051017","DRM-2_0_0","Domain-base","Domain-sync1","Domain-sync2","Domain-sync3","Domain-sync4","MODULAR_COPY","PRE_xf86-4_3_0_1","XACE-SELINUX-MERGE","XORG-6_7_99_1","XORG-6_7_99_2","XORG-6_7_99_901","XORG-6_7_99_902","XORG-6_7_99_903","XORG-6_7_99_904","XORG-6_8_0","XORG-6_8_99_1","XORG-6_8_99_10","XORG-6_8_99_11","XORG-6_8_99_12","XORG-6_8_99_13","XORG-6_8_99_14","XORG-6_8_99_15","XORG-6_8_99_16","XORG-6_8_99_2","XORG-6_8_99_3","XORG-6_8_99_4","XORG-6_8_99_5","XORG-6_8_99_6","XORG-6_8_99_7","XORG-6_8_99_8","XORG-6_8_99_9","XORG-6_8_99_900","XORG-6_8_99_901","XORG-6_8_99_902","XORG-6_8_99_903","XORG-6_99_99_900","XORG-6_99_99_901","XORG-6_99_99_902","XORG-6_99_99_903","XORG-6_99_99_904","XORG-7_0","XORG-7_0_99_901","XORG-MAIN","add-Xi","ah-20021030","ah-20021030-postdri","before-mesa-4_0-import","dhd-20010328","dhd-20010817","dhd-20020916","dri-0-1-branchpoint","dri-20020129-merge","dri-20020222-merge","kdrive-initial-import","keithp","lg3d-base","pre-R651-import","pre-xgldrop-merge","sco_port_update-base","xf-3_9_16Z","xf-3_9_16Za","xf-3_9_16d","xf-3_9_16e","xf-3_9_16f","xf-3_9_17","xf-3_9_17Z","xf-3_9_17a","xf-3_9_17b","xf-3_9_17c","xf-3_9_17d","xf-3_9_17e","xf-3_9_17f","xf-3_9_18","xf-3_9_18Z","xf-3_9_18Za","xf-3_9_18a","xf-3_9_18b","xf-4_0","xf-4_0-bindist","xf-4_0Z","xf-4_0_1","xf-4_0_1-bindist","xf-4_0_1Z","xf-4_0_1Za","xf-4_0_1Zb","xf-4_0_1Zc","xf-4_0_1a","xf-4_0_1b","xf-4_0_1c","xf-4_0_1d","xf-4_0_1e","xf-4_0_1f","xf-4_0_1g","xf-4_0_1h","xf-4_0_2","xf-4_0_2-bindist","xf-4_0_99_1","xf-4_0_99_2","xf-4_0_99_3","xf-4_0_99_900","xf-4_0a","xf-4_0b","xf-4_0c","xf-4_0d","xf-4_0e","xf-4_0f","xf-4_0g","xf-4_1_99_1","xf-4_1_99_2","xf-4_1_99_3","xf-4_1_99_4","xf-4_1_99_5","xf-4_1_99_6","xf-4_1_99_7","xf-4_2-bp","xf-4_2_0","xf-4_2_0-bindist","xf-4_2_0-bindist-1","xf-4_2_0_1","xf-4_2_1","xf-4_2_1_1","xf-4_2_99_1","xf-4_2_99_2","xf-4_2_99_3","xf-4_2_99_4","xf-4_2_99_901","xf-4_2_99_902","xf-4_3_0","xf-4_3_0_1","xf-4_3_99_1","xf-4_3_99_2","xf-4_3_99_3","xf-4_3_99_4","xf-4_3_99_5","xf-4_3_99_6","xf86-012804-2330","xf86-4_3_0_1","xf86-4_3_99_16","xf86-4_3_99_901","xf86-4_3_99_902","xf86-4_3_99_903","xf86-4_3_99_903_special","xf86-4_4_0","xf86-4_4_99_1","xfixes_2_branchpoint","xorg-server-0_99_1","xorg-server-1.1.99.3","xorg-server-1.10.0","xorg-server-1.10.99.901","xorg-server-1.10.99.902","xorg-server-1.11.0","xorg-server-1.11.99.1","xorg-server-1.11.99.901","xorg-server-1.11.99.902","xorg-server-1.11.99.903","xorg-server-1.12.0","xorg-server-1.12.99.901","xorg-server-1.12.99.902","xorg-server-1.12.99.903","xorg-server-1.12.99.904","xorg-server-1.12.99.905","xorg-server-1.13.0","xorg-server-1.13.99.901","xorg-server-1.13.99.902","xorg-server-1.14.0","xorg-server-1.14.99.1","xorg-server-1.14.99.2","xorg-server-1.14.99.3","xorg-server-1.14.99.901","xorg-server-1.14.99.902","xorg-server-1.14.99.903","xorg-server-1.14.99.904","xorg-server-1.14.99.905","xorg-server-1.15.0","xorg-server-1.15.99.901","xorg-server-1.15.99.902","xorg-server-1.15.99.903","xorg-server-1.15.99.904","xorg-server-1.16.0","xorg-server-1.16.99.901","xorg-server-1.16.99.902","xorg-server-1.17.0","xorg-server-1.17.99.901","xorg-server-1.17.99.902","xorg-server-1.18.0","xorg-server-1.18.99.2","xorg-server-1.18.99.901","xorg-server-1.18.99.902","xorg-server-1.19.0","xorg-server-1.19.99.901","xorg-server-1.19.99.902","xorg-server-1.19.99.903","xorg-server-1.19.99.904","xorg-server-1.19.99.905","xorg-server-1.20.0","xorg-server-1.20.1","xorg-server-1.20.2","xorg-server-1.5.99.1","xorg-server-1.6.99.900","xorg-server-1.6.99.901","xorg-server-1.7.99.1","xorg-server-1.7.99.2","xorg-server-1.7.99.901","xorg-server-1.7.99.902","xorg-server-1.8.0","xorg-server-1.8.99.901","xorg-server-1.8.99.902","xorg-server-1.8.99.903","xorg-server-1.8.99.904","xorg-server-1.8.99.905","xorg-server-1.8.99.906","xorg-server-1.9.0","xorg-server-1.9.99.901","xorg-server-1.9.99.902","xorg-server-1.9.99.903","xorg-server-1_0_99_1","xorg-server-1_0_99_2","xorg-server-1_0_99_901","xorg-server-1_1_99_1","xorg-server-1_1_99_2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14665.json","vanir_signatures_modified":"2026-04-11T12:27:33Z","vanir_signatures":[{"digest":{"length":6630,"function_hash":"315373064620892594551951638009703833680"},"source":"https://gitlab.freedesktop.org/xorg/xserver@8a59e3b7dbb30532a7c3769c555e00d7c4301170","signature_type":"Function","deprecated":false,"target":{"function":"ddxProcessArgument","file":"hw/xfree86/common/xf86Init.c"},"id":"CVE-2018-14665-22639977","signature_version":"v1"},{"digest":{"line_hashes":["65873069307278292652010531175368615420","284923232927484381038688238309080919142","27624637168183375727967830732217204166","235860324613668966512981938403285548298","183732425723223922100410593710392118164","114508074504614284615304547286231225643","315439724826352396352105082473061468447","212627248673392263212831660654490005750","95330500942765008061279670440426547946","56839145749456828219969817469731032700","213388443174132321590396988505480979115"],"threshold":0.9},"source":"https://gitlab.freedesktop.org/xorg/xserver@50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e","signature_type":"Line","target":{"file":"hw/xfree86/common/xf86Init.c"},"signature_version":"v1","id":"CVE-2018-14665-6550486b","deprecated":false},{"digest":{"line_hashes":["65873069307278292652010531175368615420","284923232927484381038688238309080919142","27624637168183375727967830732217204166","235860324613668966512981938403285548298","183732425723223922100410593710392118164","114508074504614284615304547286231225643","315439724826352396352105082473061468447","212627248673392263212831660654490005750","95330500942765008061279670440426547946","56839145749456828219969817469731032700","213388443174132321590396988505480979115"],"threshold":0.9},"source":"https://gitlab.freedesktop.org/xorg/xserver@8a59e3b7dbb30532a7c3769c555e00d7c4301170","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2018-14665-78795323","target":{"file":"hw/xfree86/common/xf86Init.c"}},{"digest":{"length":6537,"function_hash":"183506005408712373153446637987835782518"},"source":"https://gitlab.freedesktop.org/xorg/xserver@50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e","signature_type":"Function","target":{"function":"ddxProcessArgument","file":"hw/xfree86/common/xf86Init.c"},"signature_version":"v1","id":"CVE-2018-14665-9355e2b1","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}