PT-2021-3619 · Unknown+6 · Xorg-X11-Server+6

Jan-Niklas Sohn · Published 2021-04-13 · Updated 2024-06-15 · CVE-2021-3472

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

xorg-x11-server versions prior to 1.20.11

Description

A flaw was found in xorg-x11-server, where an integer underflow can occur in xserver, leading to a local privilege escalation. The highest threat from this issue is to data confidentiality and integrity as well as system availability. The problem is caused by an error in the XInput extension, which can lead to changes in the contents of a memory area outside the allocated buffer when processing ChangeFeedbackControl requests with specially crafted input data.

Recommendations

For versions prior to 1.20.11, update to version 1.20.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the XInput extension until a patch is available. Avoid using the ChangeFeedbackControl request with specially crafted input data in the affected API endpoint until the issue is resolved.

Fix

LPE

Integer Underflow

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1652
ALT-PU-2021-1657
ALT-PU-2021-1956
AZL-44133
BDU:2021-03760
CESA-2021_2033
CVE-2021-3472
DLA-2627-1
DSA-4893-1
MGASA-2021-0190
OESA-2021-1217
OPENSUSE-SU-2021:0554-1
OPENSUSE-SU-2021_0554-1
OPENSUSE-SU-2024:11525-1
OPENSUSE-SU-2024:11528-1
RHSA-2021:2033
RHSA-2021_2033
SUSE-SU-2021:1179-1
SUSE-SU-2021:1180-1
SUSE-SU-2021:1181-1
SUSE-SU-2021:1182-1
SUSE-SU-2021:1187-1
SUSE-SU-2021:1188-1
SUSE-SU-2021:14690-1
SUSE-SU-2021_1179-1
SUSE-SU-2021_1180-1
SUSE-SU-2021_1181-1
SUSE-SU-2021_1182-1
SUSE-SU-2021_1187-1
SUSE-SU-2021_1188-1
SUSE-SU-2021_14690-1
USN-4905-1
USN-4905-2
ZDI-21-463

Affected Products

Alt Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Xorg-X11-Server