Skip to content

xwayland 23.1.1 to fix composite: Fix use-after-free of the COW

ZDI-CAN-19866/CVE-2023-1393

If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client.

This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan ofourdan@redhat.com Reviewed-by: Adam Jackson ajax@redhat.com (cherry picked from commit 26ef545b)

Merge request reports

Loading