====================================================================
CERT-Renater Information Note No. 2021/VULN218
_____________________________________________________________________

DATE                 : 14/04/2021
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running X.Org server versions prior to
                       1.20.11, 21.1.1.
=====================================================================

https://lists.x.org/archives/xorg-announce/2021-April/003080.html
_____________________________________________________________________

X.Org server security advisory: April 13, 2021

Input validation failures in X server XInput extension
======================================================

Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out-of-bounds memory accesses
in the X server. These issues can lead to privilege escalation for
authorized clients on systems where the X server is running privileged.

* CVE-2021-3472 / ZDI CAN 12549 XChangeFeedbackControl Integer Underflow

Patch
-----

A patch for this issue has been committed to the xorg server git
repository. xorg-server 1.20.11 and xwayland 21.1.1 will be released
shortly and will include this patch.

https://gitlab.freedesktop.org/xorg/xserver.git

commit 7aaf54a1884f71dc363f0b884e57bcb67407a6cd
    Fix XChangeFeedbackControl() request underflow

    CVE-2021-3472 / ZDI-CAN-1259

Thanks
======

These vulnerabilities have been discovered by Jan-Niklas Sohn working
with Trend Micro Zero Day Initiative.

--
Matthieu Herrb

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email : cert@support.renater.fr +
=========================================================
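The bug class named in the advisory (a request-length integer underflow), shown as an added illustration in C. This is not the X.Org server's or the patch's own code: the header layout, the REQ_HEADER_LEN constant and the function names are assumptions constructed for this example. The vulnerable pattern subtracts the fixed header size from a client-supplied length before checking that the length is at least that large, so an unsigned wrap turns a too-small length into a huge payload size; the hardened pattern rejects such a length, and also a length larger than the bytes actually received, before doing any arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed-size header of the hypothetical request (assumed layout). The
 * client supplies the total length, so it must be validated before any
 * arithmetic that uses it. */
#define REQ_HEADER_LEN 8u

/* Vulnerable pattern (the bug class in the advisory): derive the size of
 * the variable part by subtraction without first checking that
 * length >= header. With unsigned arithmetic, length == 4 yields
 * SIZE_MAX - 3; any loop or copy that trusts this value walks far past
 * the end of the request. */
size_t payload_len_unchecked(uint16_t length) {
    return (size_t)length - REQ_HEADER_LEN;
}

/* Hardened pattern: reject a length below the fixed header (would
 * underflow) and a length beyond the bytes actually received (would
 * over-read), then subtract. Returns the payload length or -1 on
 * rejection. */
long payload_len_checked(uint16_t length, size_t received) {
    if (length < REQ_HEADER_LEN) return -1;   /* underflow guard   */
    if (length > received)       return -1;   /* over-read guard   */
    return (long)(length - REQ_HEADER_LEN);
}

/* Parse a constructed request buffer whose bytes 2-3 hold the
 * little-endian total length (assumed wire format). Returns the number of
 * payload bytes that may safely be consumed, or -1 if malformed. */
long parse_request(const uint8_t *buf, size_t received) {
    if (received < REQ_HEADER_LEN) return -1;  /* header not even complete */
    uint16_t length = (uint16_t)(buf[2] | (buf[3] << 8));
    return payload_len_checked(length, received);
}

/* Same parse through the unchecked path, kept only to make the wrapped
 * value visible next to the checked result. */
size_t parse_request_unchecked(const uint8_t *buf, size_t received) {
    if (received < REQ_HEADER_LEN) return 0;
    uint16_t length = (uint16_t)(buf[2] | (buf[3] << 8));
    return payload_len_unchecked(length);
}

int main(void) {
    /* Constructed 16-byte requests: "bad" claims a total length of 4,
     * smaller than the header itself; "good" claims 16, matching the
     * bytes received. */
    uint8_t bad[16]  = {0x01, 0x00, 0x04, 0x00, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t good[16] = {0x01, 0x00, 0x10, 0x00, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8};

    printf("unchecked payload length, bad request : %zu\n",
           parse_request_unchecked(bad, sizeof bad));
    printf("checked   payload length, bad request : %ld\n",
           parse_request(bad, sizeof bad));
    printf("checked   payload length, good request: %ld\n",
           parse_request(good, sizeof good));
    return 0;
}
```

The ordering of the two guards matters: comparing the raw length field against the header size and against the received byte count happens on unmodified values, so no intermediate result can wrap before it is validated.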