Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2021-3782

Public on 2022-09-23
Modified on 2024-02-12
Description

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

Severity
Medium
See what this means
CVSS v3 Base Score
6.6
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core wayland 2023-06-21 19:11 ALAS2-2023-2103
Amazon Linux 2023 wayland 2023-06-05 16:39 ALAS2023-2023-203

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
NVD CVSSv3 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

References

Red Hat: CVE-2021-3782 Mitre: CVE-2021-3782 FAQs regarding Amazon Linux ALAS/CVE Severity