CVE-2021-4010 — Improper Restriction of Operations within the Bounds of a Memory Buffer in X Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 76.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org Xwayland X.org X Server +3 more

Timeline

PublishedDec 17

Latest updateDec 18

Description

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5the_x.org_foundation/xorg-x11-serverxorg-x11-server 21.1.2, xorg-x11-server 1.20.14

▶Debianx.org/xorg-server< 2:1.20.11-1+deb11u1+3

▶NVDx.org/x_server< 1.20.14+2

▶Debianx.org/xwayland< 2:21.1.4-1+2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-3qwg-vch4-4r45: A flaw was found in xorg-x11-server in versions before 21↗2021-12-18

▶

CVEList

CVE-2021-4010: A flaw was found in xorg-x11-server in versions before 21↗2021-12-17

▶

OSV

CVE-2021-4010: A flaw was found in xorg-x11-server in versions before 21↗2021-12-17

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2021-12-14

▶

Red Hat

xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access↗2021-12-14

▶

Debian

CVE-2021-4010: xorg-server - A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14...↗2021

▶