CVE-2021-3472

Published: Apr 26, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (8)

Products: X.org: X Server · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

X.org: X Server · Fedoraproject: Fedora · Debian: Debian Linux · Redhat: Enterprise Linux

1 product

1 product

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
X.org X Server	Before 1.20.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (30)

http://www.openwall.com/lists/oss-security/2021/04/13/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1944167

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Source: secalert@redhat.com

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/

Source: secalert@redhat.com

https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://seclists.org/oss-sec/2021/q2/20

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://security.gentoo.org/glsa/202104-02

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-4893

Source: secalert@redhat.com

Third Party Advisory

https://www.tenable.com/plugins/nessus/148701

Source: secalert@redhat.com

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-463/

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2021/04/13/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1944167

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://lists.x.org/archives/xorg-announce/2021-April/003080.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://seclists.org/oss-sec/2021/q2/20

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://security.gentoo.org/glsa/202104-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4893

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.tenable.com/plugins/nessus/148701

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-463/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.