Lucene search

K

GoogleOSV:USN-6721-2

HistoryApr 09, 2024 - 9:16 p.m.

xorg-server, xwayland regression

2024-04-0921:16:47

Google

osv.dev

8

xorg-server

xwayland

regression

fixed

vulnerabilities

incomplete

update

incorrect handling

sensitive information

glyphs

crash

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)

References

launchpad.net/bugs/2060354

ubuntu.com/security/notices/USN-6721-2

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

Related for OSV:USN-6721-2

nessus49 openvas18 fedora3 slackware2 osv14 ubuntu2 redos1 almalinux5 redhat13 oraclelinux7 debian2 freebsd1 amazon4 rocky4 mageia2 veracode4 cgr4 redhatcve4 cve4 ubuntucve4 nvd4 alpinelinux4 cvelist4 debiancve4 wolfi4 zdi1