CVE-2021-3982 — MEDIUM (5.5)

Vulnerability Description

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnome	Gnome-Shell	-

Related Weaknesses (CWE)

CWE-273

References

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284Issue TrackingPatchThird Party Advisory
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060Issue TrackingPatchThird Party Advisory
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284Issue TrackingPatchThird Party Advisory
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2021-3982?

CVE-2021-3982 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is curren...

How severe is CVE-2021-3982?

CVE-2021-3982 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3982?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome-Shell.