CVE-2021-4011 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to an out of bounds memory write. This can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.
Group Package Affected Fixed Severity Status Ticket
AVG-2640 xorg-xwayland 21.1.3-1 21.1.4-1 High Fixed
AVG-2636 xorg-server 21.1.1-3 21.1.2-1 High Fixed
References
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
https://lists.x.org/archives/xorg-announce/2021-December/003123.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768