mirror of
https://github.com/X11Libre/xserver.git
synced 2026-04-06 15:14:07 +00:00
0e4ed94952
If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the key syms to 0 but leave the key actions unchanged. If later, the same function is called with a non-zero value for nGroups, this will cause a buffer overflow because the key actions are of the wrong size. To avoid the issue, make sure to resize both the key syms and key actions when nGroups is 0. CVE-2025-26597, ZDI-CAN-25683 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
30 KiB
30 KiB