X.Org server security advisory: April 13, 2021

Matthieu Herrb matthieu at herrb.eu
Tue Apr 13 14:02:29 UTC 2021


X.Org server security advisory: April 13, 2021


Input validation failures in X server XInput extension
======================================================


Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server.

These issues can lead to privilege escalation for authorized clients
on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20210413/969e8e48/attachment.sig>


More information about the xorg-devel mailing list