CVE-2021-4009Improper Restriction of Operations within the Bounds of a Memory Buffer in X Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
X.org Xorg-serverX.org XwaylandX.org X Server+3 more
Timeline
PublishedDec 17
Latest updateJul 27

Description

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5the_x.org_foundation/xorg-x11-serverxorg-x11-server 21.1.2, xorg-x11-server 1.20.14
Debianx.org/xorg-server< 2:1.20.11-1+deb11u1+3
NVDx.org/x_server< 1.20.14+2
Debianx.org/xwayland< 2:21.1.4-1+2

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

🔴Vulnerability Details

3
GHSA
GHSA-2g88-r927-2prg: A flaw was found in xorg-x11-server in versions before 212021-12-18
OSV
CVE-2021-4009: A flaw was found in xorg-x11-server in versions before 212021-12-17
CVEList
CVE-2021-4009: A flaw was found in xorg-x11-server in versions before 212021-12-17

📋Vendor Advisories

5
Ubuntu
X.Org X Server vulnerabilities2023-07-27
Ubuntu
X.Org X Server vulnerabilities2022-01-26
Red Hat
xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access2021-12-14
Ubuntu
X.Org X Server vulnerabilities2021-12-14
Debian
CVE-2021-4009: xorg-server - A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14...2021
CVE-2021-4009 — X.org X Server vulnerability | cvebase