Bug 1180128 – VUL-0: CVE-2021-3472: xorg-x11-server: XChangeFeedbackControl Integer Underflow Privilege Escalation (ZDI-CAN-12549)

Bug 1180128 - (CVE-2021-3472) VUL-0: CVE-2021-3472: xorg-x11-server: XChangeFeedbackControl Integer Underflow Privilege Escalation (ZDI-CAN-12549)

(CVE-2021-3472)
Summary:	VUL-0: CVE-2021-3472: xorg-x11-server: XChangeFeedbackControl Integer Underfl...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/273584/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-12-16 17:25 UTC by Wolfgang Frisch
Modified:	2021-09-28 18:35 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 5 Johannes Segitz 2020-12-18 10:46:50 UTC

There since the beginning of time, everything affected

Comment 18 Robert Frohl 2021-04-13 14:14:42 UTC

oss-security:

X.Org server security advisory: April 13, 2021


Input validation failures in X server XInput extension
======================================================


Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server.

These issues can lead to privilege escalation for authorized clients
on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd

Fix XChangeFeedbackControl() request underflow

CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

-- 
Matthieu Herrb

Comment 19 Stefan Dirsch 2021-04-13 15:17:39 UTC

Thanks for the update. Just submitted the fix also for Tumbleweed.

Comment 20 OBSbugzilla Bot 2021-04-13 16:20:04 UTC

This is an autogenerated message for OBS integration:
This bug (1180128) was mentioned in
https://build.opensuse.org/request/show/885112 Factory / xorg-x11-server

Comment 21 Swamp Workflow Management 2021-04-13 19:34:34 UTC

SUSE-SU-2021:14690-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xorg-x11-server-7.4-27.122.40.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xorg-x11-server-7.4-27.122.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2021-04-13 19:43:15 UTC

SUSE-SU-2021:1179-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise Server 15-LTSS (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    xorg-x11-server-1.19.6-8.30.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    xorg-x11-server-1.19.6-8.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2021-04-13 19:45:21 UTC

SUSE-SU-2021:1181-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xorg-x11-server-1.19.6-10.23.1
SUSE Linux Enterprise Server 12-SP5 (src):    xorg-x11-server-1.19.6-10.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-04-13 19:46:17 UTC

SUSE-SU-2021:1180-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE OpenStack Cloud 9 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xorg-x11-server-1.19.6-4.22.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xorg-x11-server-1.19.6-4.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2021-04-13 19:47:17 UTC

SUSE-SU-2021:1182-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xorg-x11-server-1.20.3-22.5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    xorg-x11-server-1.20.3-22.5.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2021-04-14 16:17:35 UTC

SUSE-SU-2021:1188-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Manager Retail Branch Server 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Manager Proxy 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE Enterprise Storage 6 (src):    xorg-x11-server-1.20.3-14.5.16.1
SUSE CaaS Platform 4.0 (src):    xorg-x11-server-1.20.3-14.5.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2021-04-14 16:20:06 UTC

SUSE-SU-2021:1187-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE OpenStack Cloud 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (src):    xorg-x11-server-7.6_1.18.3-76.40.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xorg-x11-server-7.6_1.18.3-76.40.1
HPE Helion Openstack 8 (src):    xorg-x11-server-7.6_1.18.3-76.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2021-04-15 10:16:27 UTC

openSUSE-SU-2021:0554-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180128
CVE References: CVE-2021-3472
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    xorg-x11-server-1.20.3-lp152.8.21.1

Comment 29 OBSbugzilla Bot 2021-04-19 14:40:03 UTC

This is an autogenerated message for OBS integration:
This bug (1180128) was mentioned in
https://build.opensuse.org/request/show/886705 Factory / xorg-x11-server

Comment 30 Wolfgang Frisch 2021-05-31 16:21:04 UTC

Released.