Описание
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | code not present |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:21.1.16-1ubuntu1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | released | 2:1.19.6-1ubuntu4.15+esm12 |
| esm-infra/focal | not-affected | 2:1.20.13-1ubuntu1~20.04.19 |
| esm-infra/xenial | released | 2:1.18.4-0ubuntu0.12+esm17 |
| focal | released | 2:1.20.13-1ubuntu1~20.04.19 |
| jammy | released | 2:21.1.4-2ubuntu1.7~22.04.13 |
| noble | released | 2:21.1.12-1ubuntu1.2 |
| oracular | released | 2:21.1.13-2ubuntu1.2 |
| plucky | released | 2:21.1.16-1ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 2:1.19.6-1ubuntu4.1~16.04.6+esm9 |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | released | 2:1.20.8-2ubuntu2.2~18.04.11+esm4 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:24.1.5-1ubuntu1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 2:22.1.1-1ubuntu0.17 |
| noble | released | 2:23.2.6-1ubuntu0.4 |
| oracular | released | 2:24.1.2-1ubuntu0.4 |
| plucky | released | 2:24.1.5-1ubuntu1 |
| upstream | released | 24.1.6 |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
A use-after-free flaw was found in X.Org and Xwayland. When changing a ...
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
EPSS
7.8 High
CVSS3