The libinput 1.20.1 library, which provides a unified input stack that allows the same means of processing events from input devices to be used in Wayland- and X.Org-based environments, has fixed a vulnerability (CVE-2022-1215) that allows an attacker to arrange execution of their code when a specially modified or emulated input device is connected to the system. The issue appears in both X.Org- and Wayland-based environments, and can be exploited when connecting local devices as well as when handling devices with a Bluetooth interface. If the X server runs as root, the vulnerability allows code to be executed with elevated privileges.
The problem is caused by a format string error in the code responsible for writing device connection information to the log. Specifically, the evdev_log_msg function used a call to snprintf to modify the original format string of the log entry, adding the device name to it as a prefix. The modified string was then passed to the log_msg_va function, which in turn used a printf function. As a result, the first argument to printf, the one in which format specifiers are parsed, contained unvalidated external data, and an attacker could cause corruption by having the device return a name containing format string characters (for example, "Evil %s").
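The logging pattern described above next to a hardened form, as an added example that is not libinput's code: the function names, buffer sizes and device names are constructed for illustration. The sample name uses `%%` so that the flawed path can be run without undefined behaviour while still showing that the name is parsed as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a logging backend that expands a printf-style format. */
static void backend_log_va(char *out, size_t n, const char *fmt, va_list args)
{
    vsnprintf(out, n, fmt, args);
}

/* Flawed pattern from the text: the device name becomes part of the format. */
void log_unsafe(char *out, size_t n, const char *devname, const char *fmt, ...)
{
    char newfmt[256];
    va_list args;

    snprintf(newfmt, sizeof newfmt, "%s: %s", devname, fmt);
    va_start(args, fmt);
    backend_log_va(out, n, newfmt, args);   /* devname is parsed for directives */
    va_end(args);
}

/* Hardened pattern: expand the trusted format first, then pass the name as data. */
void log_safe(char *out, size_t n, const char *devname, const char *fmt, ...)
{
    char msg[256];
    va_list args;

    va_start(args, fmt);
    vsnprintf(msg, sizeof msg, fmt, args);    /* fmt comes from the caller's literal */
    va_end(args);
    snprintf(out, n, "%s: %s", devname, msg); /* name only ever fills a %s */
}

int main(void)
{
    char a[256], b[256];
    /* Constructed name: "%%" is harmless to expand, yet shows the name is parsed. */
    const char *name = "Pad 100%% off";

    log_unsafe(a, sizeof a, name, "added, %d buttons", 3);
    log_safe(b, sizeof b, name, "added, %d buttons", 3);
    printf("unsafe: %s\nsafe:   %s\n", a, b);

    log_safe(b, sizeof b, "Evil %s", "added, %d buttons", 3);
    printf("safe:   %s\n", b);
    return 0;
}
```

In the flawed path the logged name differs from the name the device reported, which is the observable sign that external data reached the format argument; the hardened path logs the name byte for byte.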
Source: opennet.ru