
CVE-2021-4011

Published: 14 December 2021

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
xorg-server
Upstream Released (21.1.2)
Ubuntu 21.10 (Impish Indri) Released (2:1.20.13-1ubuntu1.1)
Ubuntu 21.04 (Hirsute Hippo) Released (2:1.20.11-1ubuntu1.2)
Ubuntu 20.04 LTS (Focal Fossa) Released (2:1.20.13-1ubuntu1~20.04.2)
Ubuntu 18.04 LTS (Bionic Beaver) Released (2:1.19.6-1ubuntu4.10)
Ubuntu 16.04 ESM (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
xorg-server-hwe-16.04
Upstream Needs triage
Ubuntu 21.10 (Impish Indri) Does not exist
Ubuntu 21.04 (Hirsute Hippo) Does not exist
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Needs triage
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xorg-server-hwe-18.04
Upstream Needs triage
Ubuntu 21.10 (Impish Indri) Does not exist
Ubuntu 21.04 (Hirsute Hippo) Does not exist
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Released (2:1.20.8-2ubuntu2.2~18.04.6)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xwayland
Upstream Released (21.1.4)
Ubuntu 21.10 (Impish Indri) Released (2:21.1.2-0ubuntu1.1)
Ubuntu 21.04 (Hirsute Hippo) Released (2:21.1.1-0ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

Author: mdeslaur
Note:
xorg server is actually the xorg-server package
the xorg package only contains docs
xwayland package contains parts of xorg-server
This is ZDI-CAN-14952

References