xwayland 22.1.9 to fix composite: Fix use-after-free of the COW (!1105) · Merge requests · xorg / xserver

Olivier Fourdan requested to merge ofourdan/xserver:release-xwayland-22.1.9 into xwayland-22.1 Mar 29, 2023

ZDI-CAN-19866/CVE-2023-1393

If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client.

This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan ofourdan@redhat.com Reviewed-by: Adam Jackson ajax@redhat.com (cherry picked from commit 26ef545b)

Admin message

xwayland 22.1.9 to fix composite: Fix use-after-free of the COW

Merge request reports