A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:0320 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2024-0409 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2257690 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/ | |
https://security.gentoo.org/glsa/202401-30 | |
https://security.netapp.com/advisory/ntap-20240307-0006/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 23:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Redhat enterprise Linux For Ibm Z Systems X.org Redhat enterprise Linux Desktop Fedoraproject fedora Fedoraproject Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux Server Redhat Tigervnc Tigervnc tigervnc X.org xwayland Redhat enterprise Linux For Power Little Endian X.org xorg-server Redhat enterprise Linux Workstation |
|
References | () https://access.redhat.com/errata/RHSA-2024:0320 - Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-0409 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2257690 - Issue Tracking, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ - Mailing List, Third Party Advisory |
25 Jan 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
19 Jan 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References |
|
18 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 16:15
Updated : 2024-03-07 17:15
NVD link : CVE-2024-0409
Mitre link : CVE-2024-0409
CVE.ORG link : CVE-2024-0409
JSON object : View
Products Affected
x.org
- xwayland
- xorg-server
fedoraproject
- fedora
redhat
- enterprise_linux
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_for_power_big_endian
- enterprise_linux_for_scientific_computing
- enterprise_linux_desktop
- enterprise_linux_for_power_little_endian
tigervnc
- tigervnc
CWE
CWE-787
Out-of-bounds Write