diff options
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch')
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch new file mode 100644 index 0000000000..ef2ee5d55e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001 | ||
2 | From: Peter Hutterer <peter.hutterer@who-t.net> | ||
3 | Date: Wed, 25 Jan 2023 11:41:40 +1000 | ||
4 | Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses | ||
5 | |||
6 | CVE-2023-0494, ZDI-CAN-19596 | ||
7 | |||
8 | This vulnerability was discovered by: | ||
9 | Jan-Niklas Sohn working with Trend Micro Zero Day Initiative | ||
10 | |||
11 | Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> | ||
12 | |||
13 | Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec] | ||
14 | CVE: CVE-2023-0494 | ||
15 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
16 | --- | ||
17 | Xi/exevents.c | 4 +++- | ||
18 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/Xi/exevents.c b/Xi/exevents.c | ||
21 | index 217baa9561..dcd4efb3bc 100644 | ||
22 | --- a/Xi/exevents.c | ||
23 | +++ b/Xi/exevents.c | ||
24 | @@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) | ||
25 | memcpy(to->button->xkb_acts, from->button->xkb_acts, | ||
26 | sizeof(XkbAction)); | ||
27 | } | ||
28 | - else | ||
29 | + else { | ||
30 | free(to->button->xkb_acts); | ||
31 | + to->button->xkb_acts = NULL; | ||
32 | + } | ||
33 | |||
34 | memcpy(to->button->labels, from->button->labels, | ||
35 | from->button->numButtons * sizeof(Atom)); | ||
36 | -- | ||
37 | GitLab | ||
38 | |||