code.ossystems Code Review - openembedded-core.git/commit
xserver-xorg: fix CVE-2021-3472
author Stefan Ghinea <stefan.ghinea@windriver.com>
Thu, 29 Apr 2021 17:15:33 +0000 (20:15 +0300)
committer Anuj Mittal <anuj.mittal@intel.com>
Thu, 6 May 2021 02:09:37 +0000 (10:09 +0800)
commit 8fbf485f24711ab29972841ba52dcb9dcdabaffb
tree b51d32ba5c6af1c89df30688e5c9f219d3e622cc
parent f9d9f0333bd7c590eb1307c429d43408abffeb00
xserver-xorg: fix CVE-2021-3472

Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory accesses
in the X server.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-3472

Upstream patches:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6fec5fea942ce88e33e5cf4c2102d69ce25e7180)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2021-3472.patch [new file with mode: 0644]
meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.10.bb