CVE-2021-3472

CWE-1918 documents7 sources
Severity
7.8HIGH
EPSS
0.1%
top 74.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
X.org X ServerDebian Debian LinuxFedoraproject Fedora+1 more
Timeline
PublishedApr 26
Latest updateMay 24

Description

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDx.org/x_server< 1.20.11
Debianxorg-server< 2:1.20.11-1+3
CVEListV5xorg-x11-serverxorg-x11-server 1.20.11

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33, 34, Enterprise Linux 7.0, 8.0

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: gitlab.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-cmmq-26gr-w7rc: A flaw was found in xorg-x11-server in versions before 12022-05-24
CVEList
CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 12021-04-26
OSV
CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 12021-04-26

📋Vendor Advisories

4
Ubuntu
X.Org X Server vulnerability2021-06-30
Red Hat
xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation2021-04-13
Ubuntu
X.Org X Server vulnerability2021-04-13
Debian
CVE-2021-3472: xorg-server - A flaw was found in xorg-x11-server in versions before 1.20.11. An integer under...2021
CVE-2021-3472 (HIGH CVSS 7.8) | A flaw was found in xorg-x11-server | cvebase.io