Bug 1887276 (CVE-2020-25712)

Summary: CVE-2020-25712 xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: ajax, bskeggs, caillon+fedoraproject, jglisse, ofourdan, rhughes, rstrode, sandmann, security-response-team, xgl-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: xorg-x11-server 1.20.10 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in xorg-x11-server. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-14 18:47:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1903259, 1904936, 1904937, 1904938    
Bug Blocks: 1887277    

Description Huzaifa S. Sidhpurwala 2020-10-12 04:10:39 UTC 
A flaw was found in X.Org Server. An heap-buffer overflow was found in XkbSetDeviceInfo may lead to a privilege escalation vulnerability.
Comment 1 Huzaifa S. Sidhpurwala 2020-10-12 04:10:44 UTC 
Acknowledgments:

Name: Jan-Niklas Sohn (Trend Micro Zero Day Initiative)
Comment 3 Guilherme de Almeida Suckevicz 2020-12-01 17:29:56 UTC 
Created xorg-x11-server tracking bugs for this issue:

Affects: fedora-all [bug 1903259]
Comment 4 Eric Christensen 2020-12-01 19:08:11 UTC 
Statement:

The Xorg server in Red Hat Enterprise Linux 8 does not run with root privileges, thus this flaw has been rated as having a moderate impact on that platform.
Comment 5 Huzaifa S. Sidhpurwala 2020-12-07 06:47:13 UTC 
External References:

https://lists.x.org/archives/xorg-announce/2020-December/003066.html
Comment 6 Huzaifa S. Sidhpurwala 2020-12-07 06:47:51 UTC 
Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
Comment 8 errata-xmlrpc 2020-12-14 16:29:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5408 https://access.redhat.com/errata/RHSA-2020:5408
Comment 9 Product Security DevOps Team 2020-12-14 18:47:14 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25712
Comment 10 errata-xmlrpc 2021-05-18 15:12:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1804 https://access.redhat.com/errata/RHSA-2021:1804