Xi: allocate enough XkbActions for our buttons (!1217) · Merge requests · xorg / xserver

Peter Hutterer requested to merge whot/xserver:wip/cve-2023-6377 into master Dec 13, 2023

button->xkb_acts is supposed to be an array sufficiently large for all our buttons, not just a single XkbActions struct. Allocating insufficient memory here means when we memcpy() later in XkbSetDeviceInfo we write into memory that wasn't ours to begin with, leading to the usual security ooopsiedaisies.

CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413

This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Xi: allocate enough XkbActions for our buttons

Merge request reports