pool/xorg-x11-server
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xorg-x11-server/u_fbdevhw_kernel6.9_break_fbdev_open.patch
Stefan Dirsch f15e897874 - U_CVE-2025-26594-0001-Cursor-Refuse-to-free-the-root-cursor.patch 
U_CVE-2025-26594-0002-dix-keep-a-ref-to-the-rootCursor.patch
  * Use-after-free of the root cursor (CVE-2025-26594, bsc#1237427)
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
  * Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- U_CVE-2025-26596-0001-xkb-Fix-computation-of-XkbSizeKeySyms.patch
  * Heap overflow in XkbWriteKeySyms() (CVE-2025-26596, bsc#1237430)
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
  * Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597, bsc#1237431)
- U_CVE-2025-26598-0001-Xi-Fix-barrier-device-search.patch
  * Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598, bsc#1237432)
- U_CVE-2025-26599-0001-composite-Handle-failure-to-redirect-in-compRedirect.patch
  U_CVE-2025-26599-0002-composite-initialize-border-clip-even-when-pixmap-al.patch
  * Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599, bsc#1237433)
- U_CVE-2025-26600-0001-dix-Dequeue-pending-events-on-frozen-device-on-remov.patch
  * Use-after-free in PlayReleasedEvents() (CVE-2025-26600, bsc#1237434)
- U_CVE-2025-26601-0001-sync-Do-not-let-sync-objects-uninitialized.patch
  U_CVE-2025-26601-0002-sync-Check-values-before-applying-changes.patch
  U_CVE-2025-26601-0003-sync-Do-not-fail-SyncAddTriggerToSyncObject.patch
  U_CVE-2025-26601-0004-sync-Apply-changes-last-in-SyncChangeAlarmAttributes.patch
  * Use-after-free in SyncInitTrigger() (CVE-2025-26601, bsc#1237435)

OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=907
2025-02-25 18:04:55 +00:00

46 lines
1.8 KiB
Diff
Raw Blame History

Linux kernel v6.9 has changed the symlink to point to the parent device.
This breaks fbdev_open() detection logic. Change it to use the subsystem
symlink instead which will remain stable.
Kernel v6.8:
[ 14.067] (II) fbdev_open() sysfs_path=/sys/class/graphics/fb0
[ 14.067] (II) fbdev_open() buf=../../devices/platform/vesa-framebuffer.0/graphics/fb0
Kernel v6.9:
[ 15.609] (II) fbdev_open() sysfs_path=/sys/class/graphics/fb0
[ 15.609] (II) fbdev_open() buf=../../devices/pci0000:00/0000:00:01.0/vesa-framebuffer.0/graphics/fb0
Originally found in automated Debian ISO QA testing [0] and confirmed in Linux [1].
Tested on kernels v6.9.7 and v6.8.12
[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D1075713
[1] https://lore.kernel.org/lkml/lLyvPFC_APGHNfyGNHRpQy5izBikkaTPOpHooZIT3f=
FAoJPquSI31ZMueA99XTdr8ysir3X7O7IMdc6za-0m79vr_claeparHhoRouVgHOI=3D@proton=
.me/
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1714
Signed-off-by: Tj <tj.iam.tj@proton.me>
---
hw/xfree86/fbdevhw/fbdevhw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: xorg-server-21.1.12/hw/xfree86/fbdevhw/fbdevhw.c
===================================================================
--- xorg-server-21.1.12.orig/hw/xfree86/fbdevhw/fbdevhw.c
+++ xorg-server-21.1.12/hw/xfree86/fbdevhw/fbdevhw.c
@@ -335,9 +335,9 @@ fbdev_open(int scrnIndex, const char *de
char *sysfs_path = NULL;
char *node = strrchr(dev, '/') + 1;
- if (asprintf(&sysfs_path, "/sys/class/graphics/%s", node) < 0 ||
+ if (asprintf(&sysfs_path, "/sys/class/graphics/%s/device/subsystem", node) < 0 ||
readlink(sysfs_path, buf, sizeof(buf) - 1) < 0 ||
- strstr(buf, "devices/pci")) {
+ strstr(buf, "bus/pci")) {
free(sysfs_path);
close(fd);
return -1;
Reference in New Issue View Git Blame Copy Permalink