Loading...

XML

Word

Printable

Type: Security Vulnerability
Resolution: Fixed
Priority: Important (Ebuild)
Fix Version/s: None
Component/s: None
Labels:
- cve
- ebuild
- glsa
- package

Impact:
This is a CVE and should be fixed.

details

from https://lists.x.org/archives/xorg/2022-July/061035.html

Multiple input validation failures in X server extensions
=========================================================

All theses issues can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for
ssh X forwarding sessions.

CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access

The handler for the ProcXkbSetGeometry request of the Xkb extension does
not properly validate the request length leading to out of bounds memory
write.

CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
Access

The handler for the ProcXkbSetDeviceInfo request of the Xkb extension
does not properly validate the request length leading to out of bounds
memory write.

patches for backporting

(needed for backport) https://gitlab.freedesktop.org/xorg/xserver/-/commit/f1070c01d616c5f21f939d5ebc533738779451ac
(CVE-2022-2319 fix) https://gitlab.freedesktop.org/xorg/xserver/-/commit/6907b6ea2b4ce949cb07271f5b678d5966d9df42
(CVE-2022-2320 fix) https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc

upstream fix

in xorg-server 21.1.4

Assignee:: mrl5

Reporter:: mrl5

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 15/Jul/22 11:16 AM

Updated:: 17/Jul/22 12:19 PM

Resolved:: 17/Jul/22 12:19 PM

Details

Description

details

patches for backporting

upstream fix

Attachments

Activity

People

Dates