
CVE-2021-3472

Published: 26/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A flaw was found in xorg-x11-server in versions prior to 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Product

x.org x server

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

debian debian linux 10.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Jan-Niklas Sohn discovered that missing input sanitising in the XInput extension of the Xorg X server may result in privilege escalation if the X server is running privileged. For the stable distribution (buster), this problem has been fixed in version 2:1.20.4-1+deb10u3. We recommend that you upgrade your xorg-server packages. For the detailed se ...
A flaw was found in xorg-x11-server. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3472) ...
A flaw was found in xorg-x11-server. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability ...
A security issue has been found in xorg-server before version 1.20.11 and xorg-xwayland before version 21.1.1. Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorized clients on systems where the X ...

Mailing Lists

oss-sec mailing list archives
XOrg server security advisory: April 13, 2021
From: Matthieu Herrb ...