Bug 1168716 (CVE-2014-8103)
Summary: | CVE-2014-8103 xorg-x11-server: out of bounds access due to not validating length or offset values in DRI3 & Present extensions | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | airlied, ajax, chazlett, jrusnack, peter.hutterer, security-response-team | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: |
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2014-12-11 20:58:36 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 1170916, 1170917, 1170918, 1170919 | ||||||||
Bug Blocks: | 1168310 | ||||||||
Attachments: |
|
Description
Vasyl Kaigorodov
2014-11-27 16:09:44 UTC
Created attachment 962154 [details]
0011-dri3_unvalidated_lengths_in_DRI3_extension_swapped_procs_CVE-2014-8103_1-2.patch
Created attachment 962155 [details]
0012-present_unvalidated_lengths_in_Present_extension_procs_CVE-2014-8103_2-2.patch
OOB read leading to crash. External References: http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2014:1983 https://rhn.redhat.com/errata/RHSA-2014-1983.html |