CVE-2021-3982 (https://bugzilla.redhat.com/show_bug.cgi?id=2024174):

Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.

The issue was reported in gnome-shell, but apparently fixed in mutter:
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2060
https://gitlab.gnome.org/GNOME/mutter/-/commit/820aa18126674dcee73f47afb23ed89b57251e2d
I don't think we're affected because we don't set any caps on gnome-shell? There's a GitHub pull request to do so, but I never merged it: https://github.com/gentoo/gentoo/pull/21669 Someone confirm that we're not affected? In any case, the commit in mutter is included in 42.0.
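One way to check whether a given system sets CAP_SYS_NICE on gnome-shell, as an added example that is not part of the original bug report: the function below parses the text printed by `getcap` and lists the files whose permitted set includes `cap_sys_nice`. The function name `sys_nice_paths` and the sample lines are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: does a binary carry CAP_SYS_NICE as a file capability?
# Usage on a real system:  sh this-script /usr/bin/gnome-shell
# (getcap prints nothing at all for a file that has no capabilities set.)

# sys_nice_paths: read getcap output on stdin and print each path whose
# permitted set ends up containing cap_sys_nice. Both output styles work:
#   older libcap:  /path = cap_sys_nice+ep
#   newer libcap:  /path cap_sys_nice=ep
# A lone "=" is handled as a clause that clears every set.
sys_nice_paths() {
    awk '{
        permitted = 0
        for (i = 2; i <= NF; i++) {
            pos = match($i, /[+=-]/)          # operator splits names from flags
            if (pos == 0) continue
            names = "," substr($i, 1, pos - 1) ","
            op    = substr($i, pos, 1)
            flags = substr($i, pos + 1)
            # Clause applies if it names cap_sys_nice, "all", or no cap (=flags).
            if (names != ",," && !index(names, ",cap_sys_nice,") && !index(names, ",all,"))
                continue
            if (op == "-") { if (flags ~ /p/) permitted = 0 }   # lowered again
            else if (flags ~ /p/) permitted = 1                 # raised via + or =
            else if (op == "=") permitted = 0                   # reset without p
        }
        if (permitted) print $1
    }'
}

# Constructed sample getcap output (not captured from a real system).
SAMPLE='/usr/bin/gnome-shell = cap_sys_nice+ep
/usr/libexec/demo-a cap_net_raw,cap_sys_nice=ep
/usr/bin/ping cap_net_raw=ep
/opt/demo-b =ep cap_sys_nice-ep'

if [ "$#" -gt 0 ]; then
    # Real check: empty output means none of the given files grants cap_sys_nice.
    getcap "$@" 2>/dev/null | sys_nice_paths
else
    printf '%s\n' "$SAMPLE" | sys_nice_paths
fi
```

Empty output for `/usr/bin/gnome-shell` means the file capability described in the CVE is not set on that installation.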
Impact is low, exploitation is likely going to be complex, and it's unclear whether we're actually affected anyway. No GLSA.