A vulnerability classified as critical has been found in Wayland (version now known). This affects some unknown processing of the component wl_shm Buffer Object Handler. The manipulation with an unknown input leads to a reference count vulnerability. CWE is classifying the issue as CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

The weakness was shared 09/24/2022 as 224. It is possible to read the advisory at gitlab.freedesktop.org. This vulnerability is uniquely identified as CVE-2021-3782 since 09/09/2021. The technical details are unknown and an exploit is not publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Name

• Wayland

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion