CVE-2021-3782

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3782

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3782.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3782

Related

Published

2022-09-23T16:15:10Z

Modified

2024-09-18T03:15:37.366646Z

Severity

6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wlshm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

References

Affected packages

Debian:11 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.0-2~exp1.1

1.19.0-1

1.19.0-2

1.20.0-1

1.20.92-1

1.21.0-1

1.22.0-1

1.22.0-2

1.22.0-2.1

1.23.0-1~bpo12+1

1.23.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wayland

Package

Name: wayland
Purl: pkg:deb/debian/wayland?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/wayland/wayland

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/wayland/wayland
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

73d4d2410e2e0d0579bacc7f87d37bf4ec15cbbb

Affected versions

0.*

0.94.90

0.95.0

0.99.0

1.*

1.0.0

1.0.1

1.0.90

1.1.0

1.1.91

1.10.0

1.10.91

1.10.92

1.10.93

1.11.0

1.11.91

1.11.92

1.11.93

1.11.94

1.12.0

1.12.91

1.12.92

1.12.93

1.13.0

1.13.91

1.13.92

1.13.93

1.14.0

1.14.91

1.14.92

1.14.93

1.15.0

1.15.91

1.15.92

1.15.93

1.15.94

1.16.0

1.16.91

1.16.92

1.16.93

1.17.0

1.17.91

1.17.92

1.17.93

1.18.0

1.18.91

1.18.92

1.18.93

1.19.0

1.19.91

1.19.92

1.19.93

1.2.0

1.2.91

1.2.92

1.20.0

1.3.0

1.3.91

1.3.92

1.3.93

1.4.0

1.4.91

1.4.92

1.4.93

1.5.0

1.5.91

1.5.92

1.5.93

1.6.0

1.6.91

1.6.92

1.6.93

1.7.0

1.7.91

1.7.92

1.7.93

1.8.0

1.8.91

1.8.92

1.8.93

1.9.0

1.9.91

1.9.92

1.9.93