Description
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (10)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDHYZM6FII35JA7J275MFCJO6ADJUPQX/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57DCF726O5LLTST4NBL5PQ7DLPB46HT/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5027
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXTRPFEQLFZ6NT2LPLZEID664RGC3OCC/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-30
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220114-0004/
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1549/
Scores
CVSS v3: 7.8
EPSS: 0.0008
EPSS Percentile: 23.3%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (7)
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 34
fedoraproject/fedora 35
x.org/x_server 21.1.0
x.org/x_server 21.1.1
x.org/x_server < 1.20.14
Published: Dec 17, 2021
Tracked Since: Feb 18, 2026