maintainer-feedback requested: [Bug 248410] x11-servers/xorg-server: fix CVE-2020-14347 (release 1.20.9 soon)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Aug 1 11:39:27 UTC 2020
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-x11 (Nobody)
<x11 at FreeBSD.org> for maintainer-feedback:
Bug 248410: x11-servers/xorg-server: fix CVE-2020-14347 (release 1.20.9 soon)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248410
--- Description ---
X.Org security advisory: July 31, 2020
X Server Pixel Data Uninitialized Memory Information Disclosure
===============================================================
CVE-2020-14347
Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.
This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.
Patch
=====
A patch for this issue has been commited to the xorg server git
repository. xorg-server 1.20.9 will be released shortly and will
include this patch.
https://gitlab.freedesktop.org/xorg/xserver.git
diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
return NullPixmap;
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
if (!pPixmap)
return NullPixmap;
Thanks
======
This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
Patch tested on 12.1 amd64: make check-plist/install.
I didn't restart xorg-server after this upgrade.
More information about the freebsd-x11
mailing list