CVE-2021-3982

Published: Apr 29, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.

Affected (1)

Products: Gnome: Gnome Shell

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Gnome Shell	All versions

Related CWEs

Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References (4)

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.