Описание
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| xorg-server | fixed | 2:21.1.16-1 | package | |
| xwayland | fixed | 2:24.1.6-1 | package | |
| xwayland | ignored | bookworm | package |
Примечания
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d0ffc7f45ed3c595ee7564b5c04287e0b
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f93a0c891494eb3334894442a92368030
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8817306af75a60f494ec9dbb1061e50db
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c285798984c6bb99e454a33772cde23d394d3dcd
EPSS
Связанные уязвимости
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
EPSS