Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 928531 (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083) - <x11-base/{xorg-server-21.1.12,xwayland-23.2.5}: multiple vulnerabilities
Summary: <x11-base/{xorg-server-21.1.12,xwayland-23.2.5}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://lists.freedesktop.org/archive...
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 929229 929234
Blocks:
  Show dependency tree
 
Reported: 2024-04-03 19:50 UTC by Christopher Fore
Modified: 2024-11-17 09:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2024-04-03 19:50:41 UTC
CVE-2024-31080:

The ProcXIGetSelectedEvents() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server. 


CVE-2024-31081:

The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server. 


CVE-2024-31082:

The ProcAppleDRICreatePixmap() function uses the byte-swapped length of the
return data for the amount of data to return to the client, if the client
has a different endianness than the X server.  This function is only found
in the Xquartz server for MacOS systems, and not in Xwayland, Xorg, or any
other X servers. 

CVE-2024-31083:

The ProcRenderAddGlyphs() function calls the AllocateGlyph() function
to store new glyphs sent by the client to the X server.  AllocateGlyph()
would return a new glyph with refcount=0 and a re-used glyph would end up
not changing the refcount at all. The resulting glyph_new array would thus
have multiple entries pointing to the same non-refcounted glyphs.
Comment 1 Christopher Fore 2024-04-03 19:53:17 UTC
The above are fixed in xorg-server 21.1.12 and xwayland 23.2.5
Comment 2 Larry the Git Cow gentoo-dev 2024-04-03 20:33:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7febe476aa2414645a436d1483a2e4dac2ff8f6b

commit 7febe476aa2414645a436d1483a2e4dac2ff8f6b
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-03 19:56:04 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-03 20:33:26 +0000

    x11-base/xwayland: Version bump to 23.2.5
    
    Bug: https://bugs.gentoo.org/927716
    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 .../libva-intel-media-driver-24.2.0.ebuild         |   4 +-
 x11-base/xwayland/Manifest                         |   1 +
 x11-base/xwayland/xwayland-23.2.5.ebuild           | 113 +++++++++++++++++++++
 3 files changed, 116 insertions(+), 2 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-04-03 22:56:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=784d8d4263c2a0f3631b3ad4aed6ce31a4aea1b6

commit 784d8d4263c2a0f3631b3ad4aed6ce31a4aea1b6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-03 22:51:55 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-03 22:56:51 +0000

    x11-base/xorg-server: Version bump to 21.1.12
    
    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                   |   1 +
 x11-base/xorg-server/xorg-server-21.1.12.ebuild | 194 ++++++++++++++++++++++++
 2 files changed, 195 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2024-04-21 21:09:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ed4f356f44f3eaeac9f5649c9536ffa2f13cc02

commit 2ed4f356f44f3eaeac9f5649c9536ffa2f13cc02
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-21 21:05:03 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-21 21:07:13 +0000

    x11-base/xorg-server: Drop old versions
    
    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xorg-server/Manifest                   |   2 -
 x11-base/xorg-server/xorg-server-21.1.11.ebuild | 195 ------------------------
 x11-base/xorg-server/xorg-server-21.1.12.ebuild | 194 -----------------------
 3 files changed, 391 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2024-04-25 16:10:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7aa6f1c19579b1f8c0dfb5c3e709a34f940d0e1

commit c7aa6f1c19579b1f8c0dfb5c3e709a34f940d0e1
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2024-04-25 16:03:18 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2024-04-25 16:09:40 +0000

    x11-base/xwayland: Drop old versions
    
    Bug: https://bugs.gentoo.org/928531
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-base/xwayland/Manifest                        |   2 -
 x11-base/xwayland/files/xwayland-23.2.4-c99.patch |  72 --------------
 x11-base/xwayland/xwayland-23.2.4-r1.ebuild       | 113 ----------------------
 x11-base/xwayland/xwayland-23.2.4.ebuild          | 112 ---------------------
 x11-base/xwayland/xwayland-23.2.5.ebuild          | 113 ----------------------
 5 files changed, 412 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2024-11-17 09:49:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9d38db782e6834a127a554309f114f6784c9e3bf

commit 9d38db782e6834a127a554309f114f6784c9e3bf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-17 09:49:25 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-17 09:49:37 +0000

    [ GLSA 202411-08 ] X.Org X server, XWayland: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/928531
    Bug: https://bugs.gentoo.org/942465
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-08.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)