Vulnerability CVE-2021-4010

Vulnerability Name:

CVE-2021-4010 (CCN-215236)

Assigned:

2021-12-14

Published:

2021-12-14

Updated:

2023-05-30

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-4010

Source: XF
Type: UNKNOWN
xorg-cve20214010-priv-esc(215236)

Source: CCN
Type: xserver GIT Repository
Xserver

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Tue, 14 Dec 2021 15:14:06 +0200
Fwd: X.Org Security Advisory: December 14, 2021

Source: CCN
Type: oss-sec Mailing List, Tue, 14 Dec 2021 08:37:18 -0800
Re: Fwd: X.Org Security Advisory: December 14, 2021

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: ZDI-21-1549
X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 8:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8072	P	xorg-x11-server-sdk-21.1.4-150500.5.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7835	P	xorg-x11-server-21.1.4-150500.5.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3596	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3597	P	libgme0-0.6.0-5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3229	P	libpcap1-1.8.1-10.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3431	P	apache2-mod_apparmor-2.8.2-51.18.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3738	P	pam_ssh-2.0-1.39 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95226	P	xorg-x11-server-wayland-1.20.3-150200.22.5.52.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95227	P	xwayland-21.1.4-150400.1.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94859	P	xorg-x11-server-1.20.3-150400.36.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95061	P	xorg-x11-server-sdk-1.20.3-150400.36.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:391	P	xorg-x11-server-1.20.3-150400.36.7 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:394	P	xwayland-21.1.4-150400.1.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:4598	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) (Important)	2022-05-10
oval:com.redhat.rhsa:def:20221917	P	RHSA-2022:1917: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate)	2022-05-10
oval:org.opensuse.security:def:100094	P	(Important)	2022-03-10
oval:org.opensuse.security:def:119104	P	Security update for xorg-x11-server (Important)	2022-02-17
oval:org.opensuse.security:def:113611	P	xwayland-21.1.4-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113604	P	xorg-x11-server-21.1.2-1.1 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20220003	P	RHSA-2022:0003: xorg-x11-server security update (Important)	2022-01-03
oval:org.opensuse.security:def:111178	P	Security update for xorg-x11-server (Important)	2021-12-22
oval:org.opensuse.security:def:96229	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:118852	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109579	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:70021	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102343	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:74755	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102894	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:119532	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96204	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109550	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:70846	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:1791	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:67364	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:103021	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:10431	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9123	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96235	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109585	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:70030	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:76432	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102904	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9881	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:6275	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96214	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109560	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:101568	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:10706	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9133	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96242	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:119159	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109679	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:837	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:111844	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:64827	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102913	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9890	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96223	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:118662	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:109570	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:101825	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:73949	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102884	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96252	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:119347	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:96194	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:70571	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:1147	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:65687	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:102919	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:9079	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:92435	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:106075	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:9834	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:98995	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:99783	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:92634	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:106274	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:99190	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:92045	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:105685	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:69775	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:92833	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:106473	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:70525	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:99385	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:8884	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:92240	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:105880	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:69974	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:9635	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:106760	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:10385	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:99584	P	Security update for xorg-x11-server (Important)	2021-12-20

BACK