CVE-2021-3472

HIGH

x.org x_server < 1.20.11 - Integer Underflow

Title source: llm
STIX 2.1

Description

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (14)

Core 14
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/04/13/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4893
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-463/
Mailing List, Patch, Vendor Advisory x_refsource_confirm
https://lists.x.org/archives/xorg-announce/2021-April/003080.html
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1944167
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2021/q2/20
Third Party Advisory x_refsource_misc
https://www.tenable.com/plugins/nessus/148701
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-02

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 25.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-191
Status published
Products (8)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 32
fedoraproject/fedora 33
fedoraproject/fedora 34
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
x.org/x_server < 1.20.11
Published Apr 26, 2021
Tracked Since Feb 18, 2026