Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Published

2024-01-18T16:15:08.593

Last Modified

2025-08-29T13:42:30.557

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-787
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tigervnc	tigervnc	< 1.13.1	Yes
Application	x.org	x_server	< 21.1.11	Yes
Application	x.org	xwayland	< 23.2.4	Yes
Operating System	fedoraproject	fedora	39	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	7.0	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian	7.0	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	7.0	Yes
Operating System	redhat	enterprise_linux_for_scientific_computing	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

https://access.redhat.com/errata/RHSA-2024:0320 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:2169 ([email protected])
https://access.redhat.com/errata/RHSA-2024:2170 ([email protected])
https://access.redhat.com/errata/RHSA-2024:2995 ([email protected])
https://access.redhat.com/errata/RHSA-2024:2996 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-0409 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2257690 Issue Tracking, Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:0320 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2169 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2170 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2995 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2996 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2024-0409 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2257690 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-30 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240307-0006/ (af854a3a-2127-422b-91ae-364da2661108)