mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

xserver-xorg: Fix for CVE-2025-26597

Browse Source 
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949

(From OE-Core rev: 9d095e34da2adde63358a878cfac45ea28727bdf)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2025-02-27 18:02:02 +05:30
committed by Steve Sakoman
parent ed888d5c11
commit 8e5a4d12ba
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch Normal file
View File

@@ -0,0 +1,46 @@
From 0e4ed94952b255c04fe910f6a1d9c852878dcd64 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Thu, 28 Nov 2024 14:09:04 +0100
Subject: [PATCH] xkb: Fix buffer overflow in XkbChangeTypesOfKey()
If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.
If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.
To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.
CVE-2025-26597, ZDI-CAN-25683
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949]
CVE: CVE-2025-26597
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
xkb/XKBMisc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xkb/XKBMisc.c b/xkb/XKBMisc.c
index abbfed90eb..fd180fad2c 100644
--- a/xkb/XKBMisc.c
+++ b/xkb/XKBMisc.c
@@ -553,6 +553,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
i = XkbSetNumGroups(i, 0);
xkb->map->key_sym_map[key].group_info = i;
XkbResizeKeySyms(xkb, key, 0);
+ XkbResizeKeyActions(xkb, key, 0);
return Success;
}
--
GitLab

1
meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
View File

@@ -26,6 +26,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26594-2.patch \
file://CVE-2025-26595.patch \
file://CVE-2025-26596.patch \
file://CVE-2025-26597.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"