CVE-2021-38593

Note

xenial/esm is not affected, code affected is not present
code was introduced in:
https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510
While the patch fixes code that was only introduced in 6.0, the
code in 6.0 did introduce a fix that 5.0 didn't have.

Package	Release	Status
qtbase-opensource-src Launchpad, Ubuntu, Debian	kinetic	Not vulnerable (5.15.2+dfsg-14)
	lunar	Not vulnerable (5.15.2+dfsg-14)
	upstream	Needs triage
	trusty	Does not exist
	xenial	Not vulnerable (code not present)
	bionic	Released (5.9.5+dfsg-0ubuntu2.6)
	hirsute	Ignored (end of life)
	jammy	Not vulnerable (5.15.2+dfsg-14)
	impish	Ignored (end of life)
	focal	Released (5.12.8+dfsg-0ubuntu2.1)
	Patches: upstream: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1) upstream: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2) upstream: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev)
qtbase-opensource-src-gles Launchpad, Ubuntu, Debian	impish	Ignored (end of life)
	jammy	Needs triage
	lunar	Needs triage
	trusty	Does not exist
	xenial	Needs triage
	bionic	Does not exist
	focal	Needs triage
	upstream	Needs triage
	hirsute	Ignored (end of life)
	kinetic	Ignored (end of life, was needs-triage)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security

CVE-2021-38593

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading