A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Weakness
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X_server | X.org | * | 1.20.11 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | xorg-x11-server-0:1.20.4-16.el7_9 | * |
| Xorg | Ubuntu | trusty | * |
| Xorg-server | Ubuntu | bionic | * |
| Xorg-server | Ubuntu | devel | * |
| Xorg-server | Ubuntu | esm-infra-legacy/trusty | * |
| Xorg-server | Ubuntu | esm-infra/bionic | * |
| Xorg-server | Ubuntu | esm-infra/focal | * |
| Xorg-server | Ubuntu | esm-infra/xenial | * |
| Xorg-server | Ubuntu | focal | * |
| Xorg-server | Ubuntu | groovy | * |
| Xorg-server | Ubuntu | hirsute | * |
| Xorg-server | Ubuntu | impish | * |
| Xorg-server | Ubuntu | jammy | * |
| Xorg-server | Ubuntu | trusty | * |
| Xorg-server | Ubuntu | trusty/esm | * |
| Xorg-server | Ubuntu | xenial | * |
| Xorg-server-hwe-16.04 | Ubuntu | esm-infra/xenial | * |
| Xorg-server-hwe-16.04 | Ubuntu | xenial | * |
| Xorg-server-hwe-18.04 | Ubuntu | bionic | * |
| Xorg-server-hwe-18.04 | Ubuntu | esm-infra/bionic | * |
| Xorg-server-lts-utopic | Ubuntu | trusty | * |
| Xorg-server-lts-vivid | Ubuntu | trusty | * |
| Xorg-server-lts-wily | Ubuntu | trusty | * |
| Xorg-server-lts-xenial | Ubuntu | trusty | * |
| Xwayland | Ubuntu | devel | * |
| Xwayland | Ubuntu | hirsute | * |
| Xwayland | Ubuntu | impish | * |
| Xwayland | Ubuntu | jammy | * |
References
- http://www.openwall.com/lists/oss-security/2021/04/13/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1944167
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
- https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://seclists.org/oss-sec/2021/q2/20
- https://security.gentoo.org/glsa/202104-02
- https://www.debian.org/security/2021/dsa-4893
- https://www.tenable.com/plugins/nessus/148701
- https://www.zerodayinitiative.com/advisories/ZDI-21-463/
- http://www.openwall.com/lists/oss-security/2021/04/13/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1944167
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
- https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://seclists.org/oss-sec/2021/q2/20
- https://security.gentoo.org/glsa/202104-02
- https://www.debian.org/security/2021/dsa-4893
- https://www.tenable.com/plugins/nessus/148701
- https://www.zerodayinitiative.com/advisories/ZDI-21-463/