oss-sec mailing list archives
Fwd: X.Org security advisory: July 31, 2020: Xserver
From: Matthieu Herrb <matthieu () herrb eu>
Date: Fri, 31 Jul 2020 16:04:21 +0200
----- Forwarded message from Matthieu Herrb <matthieu () herrb eu> ----- Date: Fri, 31 Jul 2020 15:44:44 +0200 From: Matthieu Herrb <matthieu () herrb eu> To: xorg-announce () lists x org Cc: xorg-devel () lists x org Subject: X.Org security advisory: July 31, 2020: Xserver X.Org security advisory: July 31, 2020 X Server Pixel Data Uninitialized Memory Information Disclosure =============================================================== CVE-2020-14347 Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client. Patch ===== A patch for this issue has been commited to the xorg server git repository. xorg-server 1.20.9 will be released shortly and will include this patch. https://gitlab.freedesktop.org/xorg/xserver.git diff --git a/dix/pixmap.c b/dix/pixmap.c index 1186d7dbb..5a0146bbb 100644 --- a/dix/pixmap.c +++ b/dix/pixmap.c @@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize) if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize) return NullPixmap; - pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize); + pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize); if (!pPixmap) return NullPixmap; Thanks ====== This vulnerability was discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative. -- Matthieu Herrb _______________________________________________ xorg-announce mailing list xorg-announce () lists x org https://lists.x.org/mailman/listinfo/xorg-announce ----- End forwarded message -----
Attachment:
signature.asc
Description:
Current thread:
- Fwd: X.Org security advisory: July 31, 2020: Xserver Matthieu Herrb (Jul 31)