Name | CVE-2024-31083 |
Description | A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3787-1, DSA-5657-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
xorg-server (PTS) | bullseye (security), bullseye | 2:1.20.11-1+deb11u13 | fixed |
bookworm, bookworm (security) | 2:21.1.7-3+deb12u7 | fixed | |
sid, trixie | 2:21.1.13-2 | fixed | |
xwayland (PTS) | bookworm | 2:22.1.9-1 | vulnerable |
sid, trixie | 2:24.1.2-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
xorg-server | source | buster | 2:1.20.4-1+deb10u14 | DLA-3787-1 | ||
xorg-server | source | bullseye | 2:1.20.11-1+deb11u13 | DSA-5657-1 | ||
xorg-server | source | bookworm | 2:21.1.7-3+deb12u7 | DSA-5657-1 | ||
xorg-server | source | (unstable) | 2:21.1.11-3 | |||
xwayland | source | (unstable) | 2:23.2.6-1 |
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb31609b1280fc93237b00c77
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
Followup to fix regression: https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04