The X.Org Server team has released version 21.1.10, along with version 23.2.3 of the xwayland DDX component, which runs the X.Org Server so that X11 applications can execute in Wayland-based environments. The releases address bugs and fix two vulnerabilities.
The first vulnerability, identified as CVE-2023-6377, is a buffer overflow in the XKB button processing. It occurs when the logical input device is switched and results from an incorrect calculation of information about the device: the X server allocates memory for only one XKB button processor, disregarding the actual number of buttons on the new device. Consequently, a request to change the XKB buttons leads to data being written outside the buffer. This problem has been present since the release of xorg-server-1.6.0 in 2009.
The second vulnerability, identified as CVE-2023-6478, is an integer overflow that occurs when RRChangeProviderProperty and RRChangeOutputProperty requests are processed. It allows data to be read from outside the buffer and can result in information leakage. The problem is caused by using a 32-bit integer type for calculating sizes, which can overflow when large requests are transmitted. This issue has been present since the releases of xorg-server-1.4.0 in 2004 and xorg-server-1.13.0 in 2012.
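The 32-bit size calculation described for CVE-2023-6478, shown as an added example that is not X.Org code: a product computed in 32 bits wraps so that a length check passes, beside a version that validates the unit size and multiplies in 64 bits. The function names, the `nunits` and `format` parameters, and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a property-change request: the header claims
 * `nunits` items of `format`/8 bytes each, and `payload_len` bytes of
 * data actually arrived with the request. */

/* Unsafe: the claimed size is computed in 32 bits and wraps modulo 2^32,
 * so a huge nunits can yield a small total that passes the check. */
int length_ok_32bit(uint32_t nunits, uint32_t format, size_t payload_len)
{
    uint32_t total = nunits * (format / 8);
    return total <= payload_len;
}

/* Hardened: reject unknown unit sizes, do the multiplication in 64 bits
 * (2^32 * 4 cannot overflow uint64_t), then compare with the real length. */
int length_ok_checked(uint32_t nunits, uint32_t format, size_t payload_len)
{
    if (format != 8 && format != 16 && format != 32)
        return 0;
    uint64_t total = (uint64_t)nunits * (format / 8);
    return total <= (uint64_t)payload_len;
}

int main(void)
{
    /* Constructed sample: 0x40000001 units of 4 bytes claim 0x100000004
     * bytes, which truncates to 4 in 32 bits; only 8 bytes were sent. */
    uint32_t nunits = 0x40000001u, format = 32;
    size_t payload_len = 8;

    printf("32-bit check accepts: %d\n",
           length_ok_32bit(nunits, format, payload_len));
    printf("64-bit check accepts: %d\n",
           length_ok_checked(nunits, format, payload_len));
    return 0;
}
```

Code that later walks `nunits` items after the 32-bit check has passed reads far beyond the 8 bytes received, which is the out-of-bounds read and information leak described above.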
In addition to the vulnerability fixes, the X.Org Server team has removed the UMS (Userspace Mode-Setting) support from the drm-misc-next branch in Linux 6.8. The UMS interface was used in outdated drivers and allowed video modes to be switched at the user level. However, support for UMS interface drivers was discontinued in 2016. In the kernel release 6.8, the following drivers were removed: I810 (old integrated Intel 8xx video cards), MGA (Matrox GPU), R128 (ATI Rage 128 GPU), SAVAGE (S3 Savage GPU), SIS (crusty SiS GPU), TDFX (3dfx Voodoo), and VIA (VIA IGP). As there were no requests to bring back these drivers, the X.Org Server team decided to remove the UMS infrastructure elements used in these drivers. The remaining drivers have already transitioned to the KMS (Kernel Mode Setting) interface for video mode switching.