{"containers": {"cna": {"affected": [{"product": "xorg-x11-server", "vendor": "n/a", "versions": [{"status": "affected", "version": "xorg-x11-server 1.20.11"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "CWE-191", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-01T01:06:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20210413 X.Org server security advisory: April 13, 2021", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/04/13/1"}, {"name": "[debian-lts-announce] 20210415 [SECURITY] [DLA 2627-1] xorg-server security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html"}, {"name": "FEDORA-2021-139f3fc21c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/"}, {"name": "DSA-4893", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4893"}, {"name": "FEDORA-2021-0e2981e013", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/"}, {"name": "FEDORA-2021-112d542766", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"name": "FEDORA-2021-f7b4c97879", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2021/q2/20"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/plugins/nessus/148701"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd"}, {"name": "GLSA-202104-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202104-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xorg-x11-server", "version": {"version_data": [{"version_value": "xorg-x11-server 1.20.11"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-191"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20210413 X.Org server security advisory: April 13, 2021", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/04/13/1"}, {"name": "[debian-lts-announce] 20210415 [SECURITY] [DLA 2627-1] xorg-server security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html"}, {"name": "FEDORA-2021-139f3fc21c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/"}, {"name": "DSA-4893", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4893"}, {"name": "FEDORA-2021-0e2981e013", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/"}, {"name": "FEDORA-2021-112d542766", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/"}, {"name": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html", "refsource": "CONFIRM", "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"name": "FEDORA-2021-f7b4c97879", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"}, {"name": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html", "refsource": "MISC", "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"name": "https://seclists.org/oss-sec/2021/q2/20", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2021/q2/20"}, {"name": "https://www.tenable.com/plugins/nessus/148701", "refsource": "MISC", "url": "https://www.tenable.com/plugins/nessus/148701"}, {"name": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd"}, {"name": "GLSA-202104-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202104-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.617Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20210413 X.Org server security advisory: April 13, 2021", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/04/13/1"}, {"name": "[debian-lts-announce] 20210415 [SECURITY] [DLA 2627-1] xorg-server security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html"}, {"name": "FEDORA-2021-139f3fc21c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/"}, {"name": "DSA-4893", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4893"}, {"name": "FEDORA-2021-0e2981e013", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/"}, {"name": "FEDORA-2021-112d542766", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"name": "FEDORA-2021-f7b4c97879", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/oss-sec/2021/q2/20"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/plugins/nessus/148701"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd"}, {"name": "GLSA-202104-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-02"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3472", "datePublished": "2021-04-26T14:29:54", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-08-03T16:53:17.617Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1002D17-1E44-4CEE-BBD5-CA24A140C87F", "versionEndExcluding": "1.20.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en xorg-x11-server en versiones anteriores a 1.20.11. Se puede producir un subdesbordamiento de enteros en xserver que puede conllevar a una escalada de privilegios local. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "id": "CVE-2021-3472", "lastModified": "2023-11-07T03:38:01.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-26T15:15:07.857", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/04/13/1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2021/q2/20"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-02"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4893"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/plugins/nessus/148701"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:2033", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.20.4-16.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-05-19T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation", "id": "1944167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-191", "details": ["A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in xorg-x11-server. An interger underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-3472", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "impact": "moderate", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-13T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3472\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3472\nhttps://lists.x.org/archives/xorg-announce/2021-April/003080.html"], "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.", "threat_severity": "Important", "upstream_fix": "xorg-x11-server 1.20.11"}