CVE-2024-0408

Name
CVE-2024-0408
Description
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
NVD Severity
unknown

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2024-0408
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2257689
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240307-0006/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:* tigervnc >= None < 1.13.1
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* xorg-server >= None < 21.1.11
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* xwayland >= None < 23.2.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status