CVE-2021-4010 - log

CVE-2021-4010 edited at 14 Dec 2021 19:39:43
Description
- A security issue has been found in X.Org before version 21.1.2. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.
+ A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.
References
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ https://lists.x.org/archives/xorg-announce/2021-December/003123.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
CVE-2021-4010 edited at 14 Dec 2021 13:57:30
Severity
- Medium
+ High
References
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
Notes
CVE-2021-4010 edited at 14 Dec 2021 13:54:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue has been found in X.Org before version 21.1.2. The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.
References
+ https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
CVE-2021-4010 created at 14 Dec 2021 13:50:53