Bug 1180128 - (CVE-2021-3472) VUL-0: CVE-2021-3472: xorg-x11-server: XChangeFeedbackControl Integer Underflow Privilege Escalation (ZDI-CAN-12549)
(CVE-2021-3472)
VUL-0: CVE-2021-3472: xorg-x11-server: XChangeFeedbackControl Integer Underfl...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/273584/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-12-16 17:25 UTC by Wolfgang Frisch
Modified: 2021-09-28 18:35 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Johannes Segitz 2020-12-18 10:46:50 UTC
There since the beginning of time, everything affected
Comment 18 Robert Frohl 2021-04-13 14:14:42 UTC
oss-security:

X.Org server security advisory: April 13, 2021


Input validation failures in X server XInput extension
======================================================


Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server.

These issues can lead to privilege escalation for authorized clients
on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb
Comment 19 Stefan Dirsch 2021-04-13 15:17:39 UTC
Thanks for the update. Just submitted the fix also for Tumbleweed.
Comment 20 OBSbugzilla Bot 2021-04-13 16:20:04 UTC
This is an autogenerated message for OBS integration:
This bug (1180128) was mentioned in
https://build.opensuse.org/request/show/885112 Factory / xorg-x11-server
Comment 21 Swamp Workflow Management 2021-04-13 19:34:34 UTC
SUSE-SU-2021:14690-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xorg-x11-server-7.4-27.122.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2021-04-13 19:43:15 UTC
SUSE-SU-2021:1179-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise Server 15-LTSS (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    xorg-x11-server-1.19.6-8.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2021-04-13 19:45:21 UTC
SUSE-SU-2021:1181-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xorg-x11-server-1.19.6-10.23.1
SUSE Linux Enterprise Server 12-SP5 (src):    xorg-x11-server-1.19.6-10.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2021-04-13 19:46:17 UTC
SUSE-SU-2021:1180-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE OpenStack Cloud 9 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xorg-x11-server-1.19.6-4.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2021-04-13 19:47:17 UTC
SUSE-SU-2021:1182-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2021-04-14 16:17:35 UTC
SUSE-SU-2021:1188-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Manager Retail Branch Server 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Manager Proxy 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Enterprise Storage 6 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE CaaS Platform 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2021-04-14 16:20:06 UTC
SUSE-SU-2021:1187-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE OpenStack Cloud 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xorg-x11-server-7.6_1.18.3-76.40.1
HPE Helion Openstack 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2021-04-15 10:16:27 UTC
openSUSE-SU-2021:0554-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    xorg-x11-server-1.20.3-lp152.8.21.1
Comment 29 OBSbugzilla Bot 2021-04-19 14:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1180128) was mentioned in
https://build.opensuse.org/request/show/886705 Factory / xorg-x11-server
Comment 30 Wolfgang Frisch 2021-05-31 16:21:04 UTC
Released.