CVE-2024-0408

Name
CVE-2024-0408
Description
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
NVD Severity
unknown

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2024-0408
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2257689
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240307-0006/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:* tigervnc >= None < 1.13.1
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* xorg-server >= None < 21.1.11
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* xwayland >= None < 23.2.4
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* x_server >= None < 21.1.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xwayland edge-community 23.2.4-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland edge-community 23.2.2-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland edge-community 22.1.8-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 22.1.6-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 21.1.4-r0 None possibly vulnerable
xwayland edge-community 21.1.0-r4 None possibly vulnerable
xwayland 3.22-community 23.2.4-r0 None fixed
xwayland 3.22-community 23.2.2-r0 None fixed
xwayland 3.22-community 22.1.8-r0 None fixed
xwayland 3.22-community 22.1.6-r0 None fixed
xwayland 3.22-community 21.1.4-r0 None possibly vulnerable
xwayland 3.22-community 21.1.0-r4 None possibly vulnerable
xwayland 3.21-community 23.2.4-r0 None fixed
xwayland 3.20-community 23.2.4-r0 None fixed
xwayland 3.19-community 23.2.4-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server edge-community 21.1.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server edge-community 21.1.10-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 1.20.10-r5 None possibly vulnerable
xorg-server edge-community 1.20.10-r0 None possibly vulnerable
xorg-server edge-community 1.20.9-r0 None possibly vulnerable
xorg-server edge-community 1.20.8-r4 None possibly vulnerable
xorg-server edge-community 1.20.3-r0 None possibly vulnerable
xorg-server edge-community 1.19.5-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.11-r0 None fixed
xorg-server 3.22-community 21.1.10-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.9-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.7-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.5-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.4-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.2-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.10-r5 None possibly vulnerable
xorg-server 3.22-community 1.20.10-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.9-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.8-r4 None possibly vulnerable
xorg-server 3.22-community 1.20.3-r0 None possibly vulnerable
xorg-server 3.22-community 1.19.5-r0 None possibly vulnerable
xorg-server 3.21-community 21.1.11-r0 None fixed
xorg-server 3.20-community 21.1.11-r0 None fixed
xorg-server 3.19-community 21.1.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed