Risk | Low |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2020-14344 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 CVE-2020-25712 |
CWE-ID | CWE-190 CWE-125 CWE-191 CWE-665 CWE-415 CWE-122 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Red Hat CodeReady Linux Builder for ARM 64 | Operating systems & Components / Operating system |
Red Hat CodeReady Linux Builder for Power, little endian | Operating systems & Components / Operating system |
Red Hat CodeReady Linux Builder for x86_64 | Operating systems & Components / Operating system |
Red Hat Enterprise Linux for ARM 64 | Operating systems & Components / Operating system |
Red Hat Enterprise Linux for Power, little endian | Operating systems & Components / Operating system |
Red Hat Enterprise Linux for IBM z Systems | Operating systems & Components / Operating system |
Red Hat Enterprise Linux for x86_64 | Operating systems & Components / Operating system |
xorg-x11-server (Red Hat package) | Operating systems & Components / Operating system package or component |
xorg-x11-drivers (Red Hat package) | Operating systems & Components / Operating system package or component |
mesa (Red Hat package) | Operating systems & Components / Operating system package or component |
libwacom (Red Hat package) | Operating systems & Components / Operating system package or component |
libinput (Red Hat package) | Operating systems & Components / Operating system package or component |
libglvnd (Red Hat package) | Operating systems & Components / Operating system package or component |
libdrm (Red Hat package) | Operating systems & Components / Operating system package or component |
libX11 (Red Hat package) | Operating systems & Components / Operating system package or component |
egl-wayland (Red Hat package) | Operating systems & Components / Operating system package or component |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU41865
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14344
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow in the X Input Method (XIM) client in libX11. A local user can run a specially crafted program to trigger the integer overflow and execute arbitrary code on the system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46028
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14345
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in XkbSetNames(). A local user can run a specially crafted program to trigger an out-of-bounds read and read the contents of memory on the system.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46029
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2020-14346
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer underflow in XIChangeHierarchy(). A local user can send a specially crafted request to the affected application to trigger the integer underflow and execute arbitrary code on the target system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45684
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14347
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description: The vulnerability allows a local authenticated user to gain access to sensitive information.
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this could result in a possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU48758
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14360
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing XkbSetMap requests. A local user can trigger an out-of-bounds read and read the contents of memory on the system.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46030
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2020-14361
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer underflow in XkbSelectEvents(). A local user can send a specially crafted request to the affected application to trigger the integer underflow and execute arbitrary code on the target system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46031
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2020-14362
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer underflow in XRecordRegisterClients(). A local user can send a specially crafted request to the affected application to trigger the integer underflow and execute arbitrary code on the target system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46027
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14363
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling locales in libX11. A local user can run a specially crafted program to trigger an integer overflow and a double free, and execute arbitrary code on the system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU48759
Risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2020-25712
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the XkbSetDeviceInfo functionality. A local user can pass specially crafted data to the application to trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Mitigation: Install updates from the vendor's website.
Red Hat CodeReady Linux Builder for ARM 64: 8.0
Red Hat CodeReady Linux Builder for Power, little endian: 8.0
Red Hat CodeReady Linux Builder for x86_64: 8.0
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
xorg-x11-server (Red Hat package): before 1.20.10-1.el8
xorg-x11-drivers (Red Hat package): before 7.7-30.el8
mesa (Red Hat package): before 20.3.3-2.el8
libwacom (Red Hat package): before 1.6-2.el8
libinput (Red Hat package): before 1.16.3-1.el8
libglvnd (Red Hat package): before 1.3.2-1.el8
libdrm (Red Hat package): before 2.4.103-1.el8
libX11 (Red Hat package): before 1.6.8-4.el8
egl-wayland (Red Hat package): before 1.1.5-3.el8
Reference: https://access.redhat.com/errata/RHSA-2021:1804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally; the attacker must have valid credentials and successfully authenticate to the system.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.