Trend Micro security researchers found that shortcomings in the input validation of the X.Org Server’s X Input extension could ultimately lead to privilege escalation for authorized clients.
CVE-2021-3472 involves insufficient checks on the lengths of an X Input request, which could lead to out-of-bounds memory accesses in the X.Org Server. If the X.Org Server is running with privileged rights, this could lead to privilege escalation for authorized X11 clients.
This patch fixes the XChangeFeedbackControl() request underflow.
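The class of bug described above, a request-length underflow, shown as an added example in simplified form. This is not X.Org code or the actual patch: the structures, field names and functions are hypothetical, and the sample requests are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout for illustration; not the X Input structures. */
typedef struct { uint8_t opcode, minor; uint16_t length; } req_hdr;     /* length in 4-byte words */
typedef struct { uint8_t cls, pad; uint16_t num_items; } feedback_ctl; /* followed by num_items words */

enum { REQ_OK = 0, REQ_BAD_LENGTH = -1 };
#define FIXED_WORDS ((sizeof(req_hdr) + sizeof(feedback_ctl)) / 4)

/* Unchecked pattern: the subtraction wraps when the client's length
 * is smaller than the fixed part, yielding a huge "remaining" count. */
uint16_t remaining_words_unchecked(uint16_t req_words) {
    return (uint16_t)(req_words - FIXED_WORDS);
}

/* Hardened validator: buf/buf_len is what was actually received. */
int validate_request(const uint8_t *buf, size_t buf_len, uint16_t *items_out) {
    req_hdr h;
    feedback_ctl f;
    if (buf_len < sizeof h) return REQ_BAD_LENGTH;
    memcpy(&h, buf, sizeof h);
    size_t claimed = (size_t)h.length * 4;
    if (claimed > buf_len) return REQ_BAD_LENGTH;             /* claims more than was sent */
    if (claimed < sizeof h + sizeof f) return REQ_BAD_LENGTH; /* too short: reject before subtracting */
    memcpy(&f, buf + sizeof h, sizeof f);
    size_t extra = claimed - (sizeof h + sizeof f);           /* cannot wrap after the check above */
    if (extra != (size_t)f.num_items * 4) return REQ_BAD_LENGTH;
    *items_out = f.num_items;
    return REQ_OK;
}

/* Builds a constructed sample request and validates it. */
int check_sample(uint16_t length_words, uint16_t num_items, size_t received) {
    uint8_t buf[64] = {0};
    req_hdr h = { 1, 1, length_words };
    feedback_ctl f = { 1, 0, num_items };
    uint16_t items = 0;
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &f, sizeof f);
    return validate_request(buf, received, &items);
}

int main(void) {
    printf("well-formed      : %d\n", check_sample(3, 1, 12));
    printf("short request    : %d\n", check_sample(1, 0, 4));
    printf("unchecked remain : %u\n", (unsigned)remaining_words_unchecked(1));
    return 0;
}
```

The ordering of the checks is the point: the minimum-size test runs before the sub-record is read and before any length arithmetic, so a short request is rejected instead of producing a wrapped count.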
Going along with today’s security advisory is X.Org Server 1.20.11, which has this fix plus other accumulated patches.
X.Org Server 1.20.11 is predominantly made up of many back-ported XQuartz fixes, a Meson build fix with KMS depending on DRI2, and other fixes. See the change-log, but overall it is not too exciting outside of this security fix and the many XQuartz back-ports.
There still is no sign of X.Org Server 1.21 as the next feature release and meanwhile the XWayland standalone work continues. Speaking of which, XWayland 21.1.1 was also issued today with this X Input security fix.