VDB
CVE-2021-31523
CVE-2021-31523
PUBLISHED
The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.
EPSS 0.04% · 13.1th percentile
Risk Scores
EPSS Score
0.04%
13.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | xscreensaver | 5.42+dfsg1-1ubuntu1, 0 |
| Ubuntu:16.04:LTS | xscreensaver | 5.34-1ubuntu1, 5.30-1ubuntu1, 5.34-2ubuntu1 |
| Ubuntu:22.04:LTS | xscreensaver | 0, 5.45+dfsg1-2ubuntu1 |
| Ubuntu:24.04:LTS | xscreensaver | 0, 6.02+dfsg1-2ubuntu2, 6.06+dfsg1-3ubuntu1 |
| Ubuntu:25.10 | xscreensaver | 6.08+dfsg1-1ubuntu4, 6.08+dfsg1-1ubuntu3, 0 |
| Ubuntu:18.04:LTS | xscreensaver | 0, 5.36-1ubuntu1 |
Exploit Intelligence
Timeline
- Apr 21, 2021 CVE Published
- Apr 27, 2021 EPSS Score
- Jun 30, 2021 EPSS Score
- Sep 1, 2021 EPSS Score
- Nov 2, 2021 EPSS Score
- Jan 3, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 8, 2022 EPSS Score
- Jul 9, 2022 EPSS Score
- Sep 10, 2022 EPSS Score
- Nov 11, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-31523 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/04/17/1 third-party-advisory
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 third-party-advisory
- http://www.openwall.com/lists/oss-security/2021/04/21/3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31523 third-party-advisory