summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
diff options
context:
space:
mode:
authorVijay Anusuri <vanusuri@mvista.com>2024-01-19 17:37:37 +0530
committerSteve Sakoman <steve@sakoman.com>2024-01-24 04:04:55 -1000
commitd9f531b374da4dc36b523a7f6db2de9706a2e111 (patch)
tree4c697a827d740bdd9975d41aa6cd7850678be7e5 /meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
parentb3e1dabe66cf0cb488649d20331efd65b0717426 (diff)
downloadpoky-d9f531b374da4dc36b523a7f6db2de9706a2e111.tar.gz
xserver-xorg: Multiple CVE fixes
Fix below CVE's CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409 (From OE-Core rev: ad696a0067e11c332a4542ccacd76455f5fbd984) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch')
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch57
1 files changed, 57 insertions, 0 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
new file mode 100644
index 0000000000..af607df4f0
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
@@ -0,0 +1,57 @@
1From 26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8 Mon Sep 17 00:00:00 2001
2From: Peter Hutterer <peter.hutterer@who-t.net>
3Date: Fri, 5 Jan 2024 09:40:27 +1000
4Subject: [PATCH] dix: when disabling a master, float disabled slaved devices
5 too
6
7Disabling a master device floats all slave devices but we didn't do this
8to already-disabled slave devices. As a result those devices kept their
9reference to the master device resulting in access to already freed
10memory if the master device was removed before the corresponding slave
11device.
12
13And to match this behavior, also forcibly reset that pointer during
14CloseDownDevices().
15
16Related to CVE-2024-21886, ZDI-CAN-22840
17
18Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8]
19CVE: CVE-2024-21886
20Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
21---
22 dix/devices.c | 12 ++++++++++++
23 1 file changed, 12 insertions(+)
24
25diff --git a/dix/devices.c b/dix/devices.c
26index 389d28a23c..84a6406d13 100644
27--- a/dix/devices.c
28+++ b/dix/devices.c
29@@ -483,6 +483,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sendevent)
30 flags[other->id] |= XISlaveDetached;
31 }
32 }
33+
34+ for (other = inputInfo.off_devices; other; other = other->next) {
35+ if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) {
36+ AttachDevice(NULL, other, NULL);
37+ flags[other->id] |= XISlaveDetached;
38+ }
39+ }
40 }
41 else {
42 for (other = inputInfo.devices; other; other = other->next) {
43@@ -1088,6 +1095,11 @@ CloseDownDevices(void)
44 dev->master = NULL;
45 }
46
47+ for (dev = inputInfo.off_devices; dev; dev = dev->next) {
48+ if (!IsMaster(dev) && !IsFloating(dev))
49+ dev->master = NULL;
50+ }
51+
52 CloseDeviceList(&inputInfo.devices);
53 CloseDeviceList(&inputInfo.off_devices);
54
55--
56GitLab
57