X.Org Server Vulnerability Affects Multiple Clients and Shared Memory Functionality
CVE-2017-13721

4.7MEDIUM

Key Information:

Vendor

X.org

Status
Xorg-server
Vendor
CVE Published:
10 October 2017

What is CVE-2017-13721?

In certain versions of X.Org Server prior to 1.19.4, an attacker with authentication access can exploit the X shared memory extension. This leads to potential system instability by causing the X server to abort or by manipulating shared memory segments utilized by other X clients within the same session. This vulnerability poses significant risks to the security and functionality of applications relying on shared memory.

References

https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201710-30
vendor-advisoryx_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2017/10/04/10
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.