ByteOS Network

NVD Vulnerability Details :

CVE-2021-3982

Analyzed

Source-secalert@redhat.com

Published At-29 Apr, 2022 | 17:15

Updated At-03 Feb, 2023 | 01:57

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

The GNOME Project

>>gnome-shell>>-

cpe:2.3:a:gnome:gnome-shell:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-273	Primary	nvd@nist.gov
CWE-273	Secondary	secalert@redhat.com

CWE ID: CWE-273

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-273

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284	secalert@redhat.com	Issue Tracking Patch Third Party Advisory
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060	secalert@redhat.com	Issue Tracking Patch Third Party Advisory

Hyperlink: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284

Source: secalert@redhat.com

Resource:

Issue Tracking

Patch

Third Party Advisory

Hyperlink: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060

Source: secalert@redhat.com

Resource:

Issue Tracking

Patch

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History