CVE-2021-3472 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	A security issue has been found in xorg-server before version 1.20.11 and xorg-xwayland before version 21.1.1. Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorized clients on systems where the X server is running privileged.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1812	xorg-xwayland	21.1.0-1	21.1.1-1	Medium	Fixed
AVG-1811	xorg-server	1.20.10-3	1.20.11-1	Medium	Fixed

References
https://lists.x.org/archives/xorg-announce/2021-April/003080.html https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/653 https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd

References

https://lists.x.org/archives/xorg-announce/2021-April/003080.html
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/653
https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd