SB2023121308 - Multiple vulnerabilities in X.org Server and Xwayland

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2023-6478)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to integer overflow when handling RRChangeProviderProperty or RRChangeOutputProperty requests. A local user can send a specially crafted request to the server, trigger an integer overflow and gain access to sensitive information.

2) Out-of-bounds write (CVE-ID: CVE-2023-6377)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the XKB button handler when switching logical input devices. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.mail-archive.com/xorg-announce@lists.x.org/msg01644.html
• https://www.zerodayinitiative.com/advisories/ZDI-24-009/
• https://www.zerodayinitiative.com/advisories/ZDI-24-011/
• https://www.zerodayinitiative.com/advisories/ZDI-24-010/