X.Org Server Hit By Its Latest Batch Of Security Vulnerabilities
Written by Michael Larabel in X.Org on 14 December 2021 at 08:44 AM EST. 53 Comments
X.ORG --
Given the age of the X.Org/X11 code-base security issues have become quite frequent. It was nearly a decade ago that the X.Org Server was considered a "security disaster" and a security researcher saying it's even worse than it looks. Today another batch of X.Org Server security vulnerabilities have been made public.

Four more CVEs were made public today around input validation failures in the X.Org Server that could lead to local privilege escalation. This is for cases where the X.Org Server is still running as a privileged process and supporting remote code execution for SSH X forwarding sessions.

The security issues involve out-of-bounds writes with different aspects of the X.Org Server around render, xfices, xext, and record code.
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access

The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access

The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access

The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access

The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write.

These latest vulnerabilities were found as part of the Trend Micro Zero Day Initiative. Fixes are pending in X.Org Server Git.

More details via the security advisory.

These security advisories do impact XWayland for which XWayland 21.1.4 saw an update this morning.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week