CVE-2021-38593

Note

xenial/esm is not affected, code affected is not present
code was introduced in:
https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510
While the patch fixes code that was only introduced in 6.0, the
code in 6.0 did introduce a fix that 5.0 didn't have.

Package	Release	Status
qtbase-opensource-src Launchpad, Ubuntu, Debian	bionic	Released (5.9.5+dfsg-0ubuntu2.6)
	focal	Released (5.12.8+dfsg-0ubuntu2.1)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Not vulnerable (5.15.2+dfsg-14)
	kinetic	Not vulnerable (5.15.2+dfsg-14)
	lunar	Not vulnerable (5.15.2+dfsg-14)
	mantic	Not vulnerable (5.15.2+dfsg-14)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 upstream: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd upstream: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c
qtbase-opensource-src-gles Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Needs triage
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-38593

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading