{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-4010", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:16:03.009Z", "dateReserved": "2021-11-23T00:00:00", "datePublished": "2021-12-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "affected": [{"vendor": "n/a", "product": "xorg-x11-server", "versions": [{"version": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14", "status": "affected"}]}], "references": [{"url": "https://lists.x.org/archives/xorg-announce/2021-December/003122.html"}, {"url": "https://lists.x.org/archives/xorg-announce/2021-December/003124.html"}, {"name": "FEDORA-2021-2eb603951b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/"}, {"name": "FEDORA-2021-a7fd510294", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1549/"}, {"name": "DSA-5027", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2021/dsa-5027"}, {"name": "FEDORA-2021-69e96c8f68", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK/"}, {"name": "FEDORA-2021-664a6554a1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXTRPFEQLFZ6NT2LPLZEID664RGC3OCC/"}, {"url": "https://security.netapp.com/advisory/ntap-20220114-0004/"}, {"name": "GLSA-202305-30", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-30"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119", "cweId": "CWE-119"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:03.009Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.x.org/archives/xorg-announce/2021-December/003122.html", "tags": ["x_transferred"]}, {"url": "https://lists.x.org/archives/xorg-announce/2021-December/003124.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-2eb603951b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/"}, {"name": "FEDORA-2021-a7fd510294", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1549/", "tags": ["x_transferred"]}, {"name": "DSA-5027", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-5027"}, {"name": "FEDORA-2021-69e96c8f68", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK/"}, {"name": "FEDORA-2021-664a6554a1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXTRPFEQLFZ6NT2LPLZEID664RGC3OCC/"}, {"url": "https://security.netapp.com/advisory/ntap-20220114-0004/", "tags": ["x_transferred"]}, {"name": "GLSA-202305-30", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-30"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "096E7626-AD92-4BBB-A8A7-D227D878C93F", "versionEndExcluding": "1.20.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:x_server:21.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77BB2090-B22C-4CB2-B349-36DD0797E2DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:x_server:21.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "032AE0F8-5B3D-4C79-ACDB-3553B02F50A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de l\u00edmites en la funci\u00f3n SProcScreenSaverSuspend. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "id": "CVE-2021-4010", "lastModified": "2023-11-07T03:40:05.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-17T17:15:13.473", "references": [{"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXTRPFEQLFZ6NT2LPLZEID664RGC3OCC/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://lists.x.org/archives/xorg-announce/2021-December/003122.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://lists.x.org/archives/xorg-announce/2021-December/003124.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-30"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220114-0004/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5027"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1549/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue. Upstream acknowledges the Xorg project Upstream as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:0003", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.20.4-17.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-01-03T00:00:00Z"}, {"advisory": "RHSA-2022:1917", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "xorg-x11-server-0:1.20.11-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:1917", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "xorg-x11-server-Xwayland-0:21.1.3-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access", "id": "2026073", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026073"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in xorg-x11-server where an out-of-bounds access can occur in the SProcScreenSaverSuspend function."], "name": "CVE-2021-4010", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-12-14T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4010\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4010\nhttps://lists.x.org/archives/xorg-announce/2021-December/003122.html\nhttps://lists.x.org/archives/xorg-announce/2021-December/003124.html"], "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having Moderate impact.", "threat_severity": "Important", "upstream_fix": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14"}