Snippets Groups Projects

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

The migration is almost done, at least the rest should happen in the background. There are still a few technical difference between the old cluster and the new ones, and they are summarized in this issue. Please pay attention to the TL:DR at the end of the comment.

Commit 26ef545b authored 2 years ago by Olivier Fourdan

composite: Fix use-after-free of the COW


ZDI-CAN-19866/CVE-2023-1393

If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>

parent 6153c71c

No related branches found

No related tags found

1 merge request!1103composite: Fix use-after-free of the COW

Hide whitespace changes

Inline Side-by-side

Showing with 5 additions and 0 deletions

Olivier Fourdan @ofourdan
mentioned in merge request !1104 (merged)
· 2 years ago

mentioned in merge request !1104 (merged)

mentioned in merge request !1104

Toggle commit list
Olivier Fourdan @ofourdan
mentioned in merge request !1105 (merged)
· 2 years ago

mentioned in merge request !1105 (merged)

mentioned in merge request !1105

Toggle commit list
Olivier Fourdan @ofourdan
mentioned in merge request !1106 (merged)
· 2 years ago

mentioned in merge request !1106 (merged)

mentioned in merge request !1106

Toggle commit list

Please register or to comment