[email protected]CVE-2021-3472

HistoryApr 26, 2021 - 3:15 p.m.

CVE-2021-3472

2021-04-2615:15:00

CWE-191

[email protected]

web.nvd.nist.gov

208

cve-2021-3472

xorg-x11-server

local privilege escalation

data confidentiality

data integrity

system availability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.8%

JSON

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

VendorProductVersionCPE
x\.orgxorg\-server*cpe:2.3:a:x\.org:xorg\-server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x\.org	xorg\-server	*	cpe:2.3:a:x\.org:xorg\-server::::::::

References

www.openwall.com/lists/oss-security/2021/04/13/1

bugzilla.redhat.com/show_bug.cgi?id=1944167

gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

lists.debian.org/debian-lts-announce/2021/04/msg00013.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/

lists.x.org/archives/xorg-announce/2021-April/003080.html

seclists.org/oss-sec/2021/q2/20

security.gentoo.org/glsa/202104-02

www.debian.org/security/2021/dsa-4893

www.tenable.com/plugins/nessus/148701

www.zerodayinitiative.com/advisories/ZDI-21-463/

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2021-3472

nessus28 osv5 openvas26 debian3 cvelist1 suse1 redhatcve1 gentoo1 ubuntu2 fedora4 veracode1 oraclelinux1 alpinelinux1 amazon2 prion1 debiancve1 zdi1 ubuntucve1 redhat1 mageia1 centos1