CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Published: Jan 18, 2024
Updated: Feb 1, 2024
CVE: CVE-2024-0409
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
x.org / xwayland	-	23.2.4
x.org / xorg-server	-	21.1.11
tigervnc / tigervnc	-	1.13.1
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_for_scientific_computing	7.0	7.0.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_for_power_little_endian	7.0	7.0.x
redhat / enterprise_linux_for_power_big_endian	7.0	7.0.x
redhat / enterprise_linux_for_ibm_z_systems	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
fedoraproject / fedora	39	39.x

Vulnerability Database

289,599

CVE-2024-0409