CVE-2021-3472

Name
CVE-2021-3472
Description
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.x.org/archives/xorg-announce/2021-April/003080.html
MISC https://seclists.org/oss-sec/2021/q2/20
MISC https://www.zerodayinitiative.com/advisories/ZDI-21-463/
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1944167
DEBIAN https://www.debian.org/security/2021/dsa-4893
MISC https://www.tenable.com/plugins/nessus/148701
MLIST http://www.openwall.com/lists/oss-security/2021/04/13/1
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
MLIST https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
MISC https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
GENTOO https://security.gentoo.org/glsa/202104-02

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* x_server >= None < 1.20.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xorg-server 3.11-main 1.20.6-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.10-main 1.20.5-r3 Natanael Copa <ncopa@alpinelinux.org> fixed