CVE-2021-3472

Summary

CVE	CVE-2021-3472
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-26 15:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Risk And Classification

Problem Types: CWE-191

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	X.org	X Server	All	All	All	All

References

Reference	Source	Link	Tags
ZDI-21-463 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
[SECURITY] Fedora 34 Update: xorg-x11-server-1.20.11-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 2627-1] xorg-server security update	MLIST	lists.debian.org
[SECURITY] Fedora 32 Update: xorg-x11-server-1.20.11-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: xorg-x11-server-1.20.11-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
X.Org X Server: Privilege escalation (GLSA 202104-02) — Gentoo security	GENTOO	security.gentoo.org
1944167 – (CVE-2021-3472) CVE-2021-3472 xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation	MISC	bugzilla.redhat.com
[SECURITY] Fedora 32 Update: xorg-x11-server-1.20.11-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - X.Org server security advisory: April 13, 2021	MLIST	www.openwall.com
[SECURITY] Fedora 34 Update: xorg-x11-server-Xwayland-21.1.1-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Debian DLA-2627-1 : xorg-server security update	MISC	www.tenable.com
Debian -- Security Information -- DSA-4893-1 xorg-server	DEBIAN	www.debian.org
Fix XChangeFeedbackControl() request underflow (7aaf54a1) · Commits · xorg / xserver · GitLab	MISC	gitlab.freedesktop.org
[SECURITY] Fedora 34 Update: xorg-x11-server-Xwayland-21.1.1-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: xorg-x11-server-1.20.11-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: xorg-x11-server-1.20.11-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
X.Org server security advisory: April 13, 2021	MISC	lists.x.org
oss-sec: X.Org server security advisory: April 13, 2021	MISC	seclists.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159182 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2021-2033)
174898 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1179-1)
174900 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1181-1)
174901 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1180-1)
174902 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1182-1)
174910 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1188-1)
174915 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2021:1187-1)
178544 Debian Security Update for xorg-server (DLA 2627-1)
178557 Debian Security Update for xorg-server (DSA 4893-1)
179585 Debian Security Update for xorg-server (CVE-2021-3472)
198321 Ubuntu Security Notification for X.Org X Server vulnerability (USN-4905-1)
239277 Red Hat Update for xorg-x11-server (RHSA-2021:2033)
257085 CentOS Security Update for xorg-x11-server (CESA-2021:2033)
281310 Fedora Security Update for xorg (FEDORA-2021-f7b4c97879)
281311 Fedora Security Update for xorg (FEDORA-2021-139f3fc21c)
281312 Fedora Security Update for xorg (FEDORA-2021-112d542766)
281313 Fedora Security Update for xorg (FEDORA-2021-0e2981e013)
296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
352281 Amazon Linux Security Update for xorg-x11-server: ALAS2-2021-1633
352307 Amazon Linux Security Advisory for xorg-x11-server: ALAS-2021-1502
352822 Amazon Linux Security Advisory for xorg-x11-server: AL2012-2021-346
377222 Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX2-SA-2021:0030)
500823 Alpine Linux Security Update for xorg-server
501944 Alpine Linux Security Update for xorg-server
501946 Alpine Linux Security Update for xwayland
670212 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-1863)
670408 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-1991)
670476 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-2234)
670682 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-2440)
670786 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-2544)
670810 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2021-2568)
710012 Gentoo Linux X.Org X Server Privilege Escalation Vulnerability (GLSA 202104-02)
730155 McAfee Web Gateway Multiple Vulnerabilities(WP-3580, WP-3656, WP-3815, WP-3878, WP-3882, WP-3934,WP-3935, WP-3936, WP-3999)
750266 OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2021:0554-1)