Bugzilla – Bug 1222312
VUL-0: CVE-2024-31083: xorg-x11-server,xwayland: Use-after-free in ProcRenderAddGlyphs
Last modified: 2024-07-12 13:35:05 UTC
A vulnerability in xorg-server and xwayland. ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used. Introduced in: prior to X11R6.7 (2004) References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31083 https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0 https://seclists.org/oss-sec/2024/q2/22 https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645d https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762 https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb3160 https://bugzilla.redhat.com/show_bug.cgi?id=2272000
xwayland done: - sle-15-sp4 - sle-15-sp5 - sle-15-sp6 - ALP
xorg-x11-server done: - sle-12-sp5 - sle-15-sp2 - sle-15-sp4 - sle-15-sp5 - sle-15-sp6 - ALP
Reassigning back to security team.
JFYI, with that fix we see a regression which results in a Xserver crash when running Android Studio (boo#1222442).
This is an autogenerated message for OBS integration: This bug (1222312) was mentioned in https://build.opensuse.org/request/show/1166666 Factory / xorg-x11-server
SUSE-SU-2024:1199-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222311, 1222312 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33211](https://smelt.suse.de/incident/33211/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): xorg-x11-server-1.19.6-10.71.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): xorg-x11-server-1.19.6-10.71.1 SUSE Linux Enterprise Server 12 SP5 (src): xorg-x11-server-1.19.6-10.71.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): xorg-x11-server-1.19.6-10.71.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
(In reply to Stefan Dirsch from comment #6) > JFYI, with that fix we see a regression which results in a Xserver crash > when running Android Studio (boo#1222442). Meanwhile fixed. Resubmitted everything.
SUSE-SU-2024:1265-1: An update that solves three vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222312, 1222442 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33215](https://smelt.suse.de/incident/33215/) Sources used: openSUSE Leap 15.4 (src): xwayland-21.1.4-150400.3.36.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): xwayland-21.1.4-150400.3.36.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1264-1: An update that solves three vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222312, 1222442 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33216](https://smelt.suse.de/incident/33216/) Sources used: openSUSE Leap 15.5 (src): xwayland-22.1.5-150500.7.22.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): xwayland-22.1.5-150500.7.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1263-1: An update that solves one vulnerability and has one security fix can now be installed. Category: security (important) Bug References: 1222312, 1222442 CVE References: CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33344](https://smelt.suse.de/incident/33344/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): xorg-x11-server-1.19.6-10.74.1 SUSE Linux Enterprise Server 12 SP5 (src): xorg-x11-server-1.19.6-10.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): xorg-x11-server-1.19.6-10.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): xorg-x11-server-1.19.6-10.74.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1262-1: An update that solves four vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222311, 1222312, 1222442 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33214](https://smelt.suse.de/incident/33214/) Sources used: openSUSE Leap 15.5 (src): xorg-x11-server-21.1.4-150500.7.26.1 Basesystem Module 15-SP5 (src): xorg-x11-server-21.1.4-150500.7.26.1 Development Tools Module 15-SP5 (src): xorg-x11-server-21.1.4-150500.7.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1261-1: An update that solves four vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222311, 1222312, 1222442 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33212](https://smelt.suse.de/incident/33212/) Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 SUSE Enterprise Storage 7.1 (src): xorg-x11-server-1.20.3-150200.22.5.96.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1260-1: An update that solves four vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1222309, 1222310, 1222311, 1222312, 1222442 CVE References: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 Maintenance Incident: [SUSE:Maintenance:33213](https://smelt.suse.de/incident/33213/) Sources used: openSUSE Leap 15.4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Manager Proxy 4.3 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Manager Retail Branch Server 4.3 (src): xorg-x11-server-1.20.3-150400.38.48.1 SUSE Manager Server 4.3 (src): xorg-x11-server-1.20.3-150400.38.48.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1222312) was mentioned in https://build.opensuse.org/request/show/1186897 Factory / xwayland
This is an autogenerated message for OBS integration: This bug (1222312) was mentioned in https://build.opensuse.org/request/show/1187080 Factory / xwayland