PublicDateAtUSN: 2021-12-14 12:00:00 UTC
Candidate: CVE-2021-4010
CRD: 2021-12-14 12:00:00 UTC
PublicDate: 2021-12-17 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4010
 https://www.openwall.com/lists/oss-security/2021/12/14/1
 https://ubuntu.com/security/notices/USN-5193-1
Description:
 A flaw was found in xorg-x11-server in versions before 21.1.2 and before
 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend
 function. The highest threat from this vulnerability is to data
 confidentiality and integrity as well as system availability.
Ubuntu-Description:
Notes:
 mdeslaur> xorg server is actually the xorg-server package
 mdeslaur> the xorg package only contains docs
 mdeslaur> xwayland package contains parts of xorg-server
 mdeslaur> This is ZDI-CAN-14951
 mdeslaur> looks like this was introduced by:
 mdeslaur> https://gitlab.freedesktop.org/xorg/xserver/-/commit/52048ce29f872192478fece3887b7bc1c8aace7d
Mitigation:
Bugs:
Priority: medium
Discovered-by: Jan-Niklas Sohn
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_xorg-server:
 upstream: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
upstream_xorg-server: released (21.1.2)
trusty_xorg-server: ignored (out of standard support)
trusty/esm_xorg-server: not-affected (code not present)
xenial_xorg-server: not-affected (code not present)
esm-infra/xenial_xorg-server: not-affected (code not present)
bionic_xorg-server: not-affected (code not present)
focal_xorg-server: released (2:1.20.13-1ubuntu1~20.04.2)
hirsute_xorg-server: released (2:1.20.11-1ubuntu1.2)
impish_xorg-server: released (2:1.20.13-1ubuntu1.1)
jammy_xorg-server: released (2:1.20.13-1ubuntu2)
devel_xorg-server: released (2:1.20.13-1ubuntu2)

Patches_xwayland:
upstream_xwayland: released (21.1.4)
trusty_xwayland: DNE
trusty/esm_xwayland: DNE
xenial_xwayland: DNE
bionic_xwayland: DNE
focal_xwayland: DNE
hirsute_xwayland: released (2:21.1.1-0ubuntu1.1)
impish_xwayland: released (2:21.1.2-0ubuntu1.1)
jammy_xwayland: released (2:21.1.3-1ubuntu1)
devel_xwayland: released (2:21.1.3-1ubuntu1)

Patches_xorg-server-hwe-16.04:
upstream_xorg-server-hwe-16.04: needs-triage
trusty_xorg-server-hwe-16.04: DNE
trusty/esm_xorg-server-hwe-16.04: DNE
xenial_xorg-server-hwe-16.04: ignored (end of standard support, was needs-triage)
esm-infra/xenial_xorg-server-hwe-16.04: needs-triage
bionic_xorg-server-hwe-16.04: DNE
focal_xorg-server-hwe-16.04: DNE
hirsute_xorg-server-hwe-16.04: DNE
impish_xorg-server-hwe-16.04: DNE
jammy_xorg-server-hwe-16.04: DNE
devel_xorg-server-hwe-16.04: DNE

Patches_xorg-server-hwe-18.04:
upstream_xorg-server-hwe-18.04: needs-triage
trusty_xorg-server-hwe-18.04: DNE
trusty/esm_xorg-server-hwe-18.04: DNE
xenial_xorg-server-hwe-18.04: DNE
bionic_xorg-server-hwe-18.04: released (2:1.20.8-2ubuntu2.2~18.04.6)
focal_xorg-server-hwe-18.04: DNE
hirsute_xorg-server-hwe-18.04: DNE
impish_xorg-server-hwe-18.04: DNE
jammy_xorg-server-hwe-18.04: DNE
devel_xorg-server-hwe-18.04: DNE