VuXML ID | Description |
6cc63bf5-a727-4155-8ec4-68b626475e68 | xorg-server -- Security issue in the X server
The X.org project reports:
Discovery 2023-02-07 Entry 2023-02-08 xorg-server
xephyr
xorg-vfbserver
< 21.1.7,1
xorg-nestserver
< 21.1.7,2
xwayland
< 22.1.8,1
xwayland-devel
< 21.0.99.1.386
https://lists.x.org/archives/xorg-announce/2023-February/003320.html
CVE-2023-0494
|
7274e0cc-575f-41bc-8619-14a41b3c2ad0 | xorg-server -- multiple vulnerabilities
Adam Jackson reports:
One regression fix since 1.19.4 (mea culpa), and fixes for
CVEs 2017-12176 through 2017-12187.
Discovery 2017-10-12 Entry 2017-10-13 xephyr
< 1.18.4_5,1
xorg-dmx
< 1.18.4_5,1
xorg-nestserver
< 1.19.1_2,2
xorg-server
< 1.18.4_5,1
xorg-vfbserver
< 1.19.1_2,1
xwayland
< 1.19.1_2
https://lists.x.org/archives/xorg-announce/2017-October/002814.html
CVE-2017-12176
CVE-2017-12177
CVE-2017-12178
CVE-2017-12179
CVE-2017-12180
CVE-2017-12181
CVE-2017-12182
CVE-2017-12183
CVE-2017-12184
CVE-2017-12185
CVE-2017-12186
CVE-2017-12187
|
9fa7b139-c1e9-409e-bed0-006aadcf5845 | xorg-server -- Multiple security issues in X server extensions
The X.org project reports:
- CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
overflow
The swap handler for the XTestFakeInput request of the XTest extension
may corrupt the stack if GenericEvents with lengths larger than 32 bytes
are sent through a the XTestFakeInput request.
This issue does not affect systems where client and server use the same
byte order.
- CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
out-of-bounds access
The handler for the XIPassiveUngrab request accesses out-of-bounds
memory when invoked with a high keycode or button code.
- CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
use-after-free
The handler for the XvdiSelectVideoNotify request may write to memory
after it has been freed.
- CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
use-after-free
The handler for the ScreenSaverSetAttributes request may write to memory
after it has been freed.
- CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
out-of-bounds access
The handler for the XIChangeProperty request has a length-validation
issues, resulting in out-of-bounds memory reads and potential
information disclosure.
- CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free
The XkbCopyNames function left a dangling pointer to freed memory,
resulting in out-of-bounds memory access on subsequent XkbGetKbdByName
requests.
Discovery 2022-12-14 Entry 2023-01-11 xorg-server
xephyr
xorg-vfbserver
< 21.1.5,1
xorg-nestserver
< 21.1.5,2
xwayland
< 22.1.6,1
xwayland-devel
< 21.0.99.1.319
https://lists.x.org/archives/xorg-announce/2022-December/003302.html
CVE-2022-46340
CVE-2022-46341
CVE-2022-46342
CVE-2022-46343
CVE-2022-46344
CVE-2022-4283
|
972568d6-3485-40ab-80ff-994a8aaf9683 | xorg-server -- Multiple vulnerabilities
The X.Org project reports:
- CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org
server: Out-of-bounds memory write in XKB button actions
A device has XKB button actions for each button on the
device. When a logical device switch happens (e.g. moving
from a touchpad to a mouse), the server re-calculates the
information available on the respective master device
(typically the Virtual Core Pointer). This re-calculation
only allocated enough memory for a single XKB action
rather instead of enough for the newly active physical
device's number of button. As a result, querying or
changing the XKB button actions results in out-of-bounds
memory reads and writes.
This may lead to local privilege escalation if the server is run as root or
remote code execution (e.g. x11 over ssh).
- CVE-2023-6478/ZDI-CAN-22561: X.Org server:
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty
This fixes an OOB read and the resulting information disclosure.
Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->nUnits value the expected request size was
truncated, passing the REQUEST_FIXED_SIZE check.
The server then proceeded with reading at least stuff->nUnits bytes
(depending on stuff->format) from the request and stuffing whatever it
finds into the property. In the process it would also allocate at least
stuff->nUnits bytes, i.e. 4GB.
Discovery 2023-12-13 Entry 2023-12-13 xorg-server
xephyr
xorg-vfbserver
< 21.1.10,1
xorg-nestserver
< 21.1.10,2
xwayland
< 23.2.3,1
xwayland-devel
< 21.0.99.1.582
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
CVE-2023-6377
CVE-2023-6478
|
4f8ffb9c-f388-4fbd-b90f-b3131559d888 | xorg-server -- multiple vulnerabilities
Alan Coopersmith reports:
X.Org thanks Michal Srb of SuSE for finding these issues
and bringing them to our attention, Julien Cristau of
Debian for getting the fixes integrated, and Adam Jackson
of Red Hat for publishing the release.
Discovery 2017-10-04 Entry 2017-10-09 xephyr
< 1.18.4_4,1
xorg-dmx
< 1.18.4_4,1
xorg-nestserver
< 1.19.1_1,2
xorg-server
< 1.18.4_4,1
xorg-vfbserver
< 1.19.1_1,1
xwayland
< 1.19.1_1
https://lists.x.org/archives/xorg-announce/2017-October/002809.html
CVE-2017-13721
CVE-2017-13723
|
9e2fdfc7-e237-4393-9fa5-2d50908c66b3 | xorg-server -- Multiple vulnerabilities
The X.Org project reports:
- ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write
in XIChangeDeviceProperty/RRChangeOutputProperty
When prepending values to an existing property an
invalid offset calculation causes the existing values to
be appended at the wrong offset. The resulting memcpy()
would write into memory outside the heap-allocated
array.
- ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in
DestroyWindow
This vulnerability requires a legacy multi-screen setup
with multiple protocol screens ("Zaphod"). If the pointer
is warped from one screen to the root window of the other
screen, the enter/leave code may retain a reference to the
previous pointer window. Destroying this window leaves
that reference in place, other windows may then trigger a
use-after-free bug when they are destroyed.
Discovery 2023-10-25 Entry 2023-10-25 xorg-server
xephyr
xorg-vfbserver
< 21.1.9,1
xorg-nestserver
< 21.1.9,2
xwayland
< 23.2.2,1
xwayland-devel
< 21.0.99.1.542
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
CVE-2023-5367
CVE-2023-5380
|
96d84238-b500-490b-b6aa-2b77090a0410 | xorg-server -- Overlay Window Use-After-Free
The X.Org project reports:
- ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
Local Privilege Escalation Vulnerability
If a client explicitly destroys the compositor overlay window (aka COW),
the Xserver would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Discovery 2023-03-29 Entry 2023-03-29 xorg-server
xephyr
xorg-vfbserver
< 21.1.8,1
xorg-nestserver
< 21.1.8,2
xwayland
ge 23.0.0,1 lt 23.1.1,1
< 22.1.9,1
xwayland-devel
< 21.0.99.1.439
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
CVE-2023-1393
|