CVE-2024-0409

high

Description

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=2257690

https://access.redhat.com/security/cve/CVE-2024-0409

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:0320

https://security.netapp.com/advisory/ntap-20240307-0006/

https://security.gentoo.org/glsa/202401-30

https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Details

Source: Mitre, NVD

Published: 2024-01-18

Updated: 2025-08-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00068