Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 857780 (CVE-2022-2319, CVE-2022-2320)

Summary: <x11-base/xorg-server-21.1.4 <x11-base/xwayland-22.1.3: multiple vulnerabilities
Product: Gentoo Security Reporter: Matthew Smith <matthew>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical CC: bertrand, t-mo, x11
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.x.org/archives/xorg/2022-July/061035.html
Whiteboard: A0 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 858140    
Bug Blocks:    

Description Matthew Smith gentoo-dev 2022-07-12 17:00:44 UTC
Multiple input validation failures in X server extensions
=========================================================

All theses issues can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for
ssh X forwarding sessions.

* CVE-2022-2319/ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds
Access

The handler for the ProcXkbSetGeometry request of the Xkb extension does
not properly validate the request length leading to out of bounds memory
write.

* CVE-2022-2320/ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds
Access

The handler for the ProcXkbSetDeviceInfo request of the Xkb extension
does not properly validate the request length leading to out of bounds
memory write.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-12 17:49:22 UTC
Dropping version from summary as there's no fixed version in tree yet.
Comment 2 Larry the Git Cow gentoo-dev 2022-07-12 23:55:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca3090608d19325d661cd5adcc0bacae1f27e631

commit ca3090608d19325d661cd5adcc0bacae1f27e631
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-12 22:40:07 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-12 23:54:02 +0000

    x11-base/xwayland: Version bump to 22.1.3
    
    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest               |   1 +
 x11-base/xwayland/xwayland-22.1.3.ebuild | 100 +++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e34eee57d1bdb2ed4b9655b0e040190f8dce458

commit 8e34eee57d1bdb2ed4b9655b0e040190f8dce458
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-12 22:39:48 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-12 23:54:02 +0000

    x11-base/xorg-server: Version bump to 21.1.4
    
    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                  |   1 +
 x11-base/xorg-server/xorg-server-21.1.4.ebuild | 188 +++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-13 00:33:23 UTC
Matt mentioned that the old xorg series will need a release (1.20.x).
Comment 4 Larry the Git Cow gentoo-dev 2022-08-29 23:51:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=131060c8153116f05ddcee1a3f3e43cbe4c6587d

commit 131060c8153116f05ddcee1a3f3e43cbe4c6587d
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-08-29 23:47:35 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-08-29 23:51:04 +0000

    profiles: Mask x11-base/xorg-server-1.20 for removal
    
    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-01 17:14:26 UTC
Thanks Matt!
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-22 03:03:25 UTC
GLSA request filed
Comment 7 Larry the Git Cow gentoo-dev 2022-10-31 01:42:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d903ef303340948f964b5f3ec4991a84fef98411

commit d903ef303340948f964b5f3ec4991a84fef98411
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:25:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:16 +0000

    [ GLSA 202210-30 ] X.Org X server, XWayland: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/857780
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-30.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 02:18:34 UTC
GLSA released, all done!