X.Org Server & XWayland Hit By Four More Security Issues

Written by Michael Larabel in X.Org on 3 April 2024 at 02:56 PM EDT. 151 Comments
Last year the X.Org Server disabled byte-swapped clients by default over being a large and known attack surface within the X.Org/XWayland codebase. That's proven itself to further be the case with 3 of 4 new CVEs made public today being around the byte-swapped code.

The byte-swapped client support is around X.Org/XWayland clients of different CPU endianess to be able to connect to the X.Org Server. Different CPU endianess isn't to common these days and the byte-swapped client support was safely disabled last year without much fuss. Three CVEs made public today involve heap buffer over-read/data leakage within ProcXIGetSelectedEvents, ProcXIPassiveGrabDevice, ProcAppleDRICreatePixmap and due to the byte-swapped handling.

A former X.Org logo attempt posted in the forums.

The fourth issue raised today is a user-after-free within ProcRenderAddGlyphs.

XWayland 23.2.5 and X.Org Server 21.1.12 are published today for fixing these latest four security issues. Details within today's security advisory.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week