Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 01 Aug 2020 11:39:26 +0000
From:      bugzilla-noreply@freebsd.org
To:        x11@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 248410] x11-servers/xorg-server: fix CVE-2020-14347 (release 1.20.9 soon)
Message-ID:  <bug-248410-7141-wfcOC9qkxM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248410-7141@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail 

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 (Nobody)
<x11@FreeBSD.org> for maintainer-feedback:
Bug 248410: x11-servers/xorg-server: fix CVE-2020-14347 (release 1.20.9 soon)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248410



--- Description ---
X.Org security advisory: July 31, 2020

X Server Pixel Data Uninitialized Memory Information Disclosure 
===============================================================

CVE-2020-14347

Allocation for pixmap data in AllocatePixmap() does not initialize the
memory in xserver, it leads to leak uninitialize heap memory to
clients. When the X server runs with elevated privileges.

This flaw can lead to ASLR bypass, which when combined with other
flaws (known/unknown) could lead to lead to privilege elevation in the
client.

Patch
=====

A patch for this issue has been commited to the xorg server git
repository.  xorg-server 1.20.9 will be released shortly and will
include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

diff --git a/dix/pixmap.c b/dix/pixmap.c
index 1186d7dbb..5a0146bbb 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
	 return NullPixmap;

-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
	 return NullPixmap;

Thanks
======

This vulnerability was discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.


Patch tested on 12.1 amd64: make check-plist/install.
I didn't restart xorg-server after this upgrade.
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-248410-7141-wfcOC9qkxM>