A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Weakness
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X_server | X.org | * | 1.20.9 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-server-0:1.20.4-15.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | egl-wayland-0:1.1.5-3.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libdrm-0:2.4.103-1.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libglvnd-1:1.3.2-1.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libinput-0:1.16.3-1.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libwacom-0:1.6-2.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libX11-0:1.6.8-4.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | mesa-0:20.3.3-2.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | xorg-x11-drivers-0:7.7-30.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | xorg-x11-server-0:1.20.10-1.el8 | * |
| Xorg | Ubuntu | trusty | * |
| Xorg-server | Ubuntu | bionic | * |
| Xorg-server | Ubuntu | devel | * |
| Xorg-server | Ubuntu | esm-infra-legacy/trusty | * |
| Xorg-server | Ubuntu | esm-infra/bionic | * |
| Xorg-server | Ubuntu | esm-infra/focal | * |
| Xorg-server | Ubuntu | esm-infra/xenial | * |
| Xorg-server | Ubuntu | focal | * |
| Xorg-server | Ubuntu | trusty | * |
| Xorg-server | Ubuntu | trusty/esm | * |
| Xorg-server | Ubuntu | upstream | * |
| Xorg-server | Ubuntu | xenial | * |
| Xorg-server-hwe-16.04 | Ubuntu | esm-infra/xenial | * |
| Xorg-server-hwe-16.04 | Ubuntu | upstream | * |
| Xorg-server-hwe-16.04 | Ubuntu | xenial | * |
| Xorg-server-hwe-18.04 | Ubuntu | bionic | * |
| Xorg-server-hwe-18.04 | Ubuntu | esm-infra/bionic | * |
| Xorg-server-hwe-18.04 | Ubuntu | upstream | * |
| Xorg-server-lts-utopic | Ubuntu | trusty | * |
| Xorg-server-lts-vivid | Ubuntu | trusty | * |
| Xorg-server-lts-wily | Ubuntu | trusty | * |
| Xorg-server-lts-xenial | Ubuntu | trusty | * |
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable’s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Related Attack Patterns
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347
- https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html
- https://lists.x.org/archives/xorg-announce/2020-July/003051.html
- https://security.gentoo.org/glsa/202012-01
- https://usn.ubuntu.com/4488-1/
- https://usn.ubuntu.com/4488-2/
- https://www.debian.org/security/2020/dsa-4758
- https://www.openwall.com/lists/oss-security/2020/07/31/2