Bug 1887276 (CVE-2020-25712) - CVE-2020-25712 xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability
Summary: CVE-2020-25712 xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow p...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-25712
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1903259 1904936 1904937 1904938
Blocks:
Reported: 2020-10-12 04:10 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-05-18 15:12 UTC (History)

Fixed In Version: xorg-x11-server 1.20.10
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in xorg-x11-server. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-12-14 18:47:14 UTC
Embargoed:




Links:
Red Hat Product Errata RHSA-2020:5408 (Last Updated: 2020-12-14 16:29:19 UTC)

Description Huzaifa S. Sidhpurwala 2020-10-12 04:10:39 UTC
A flaw was found in X.Org Server. A heap-buffer overflow was found in XkbSetDeviceInfo, which may lead to a privilege escalation vulnerability.

Comment 1 Huzaifa S. Sidhpurwala 2020-10-12 04:10:44 UTC
Acknowledgments:

Name: Jan-Niklas Sohn (Trend Micro Zero Day Initiative)

Comment 3 Guilherme de Almeida Suckevicz 2020-12-01 17:29:56 UTC
Created xorg-x11-server tracking bugs for this issue:

Affects: fedora-all [bug 1903259]

Comment 4 Eric Christensen 2020-12-01 19:08:11 UTC
Statement:

The Xorg server in Red Hat Enterprise Linux 8 does not run with root privileges, thus this flaw has been rated as having a moderate impact on that platform.

Comment 5 Huzaifa S. Sidhpurwala 2020-12-07 06:47:13 UTC
External References:

https://lists.x.org/archives/xorg-announce/2020-December/003066.html

Comment 8 errata-xmlrpc 2020-12-14 16:29:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5408 https://access.redhat.com/errata/RHSA-2020:5408

Comment 9 Product Security DevOps Team 2020-12-14 18:47:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25712

Comment 10 errata-xmlrpc 2021-05-18 15:12:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1804 https://access.redhat.com/errata/RHSA-2021:1804

