CVE-2024-0409

Name: CVE-2024-0409
Description: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
NVD Severity: unknown

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2024-0409
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2257690
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240307-0006/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:* tigervnc >= None < 1.13.1
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* xorg-server >= None < 21.1.11
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* xwayland >= None < 23.2.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status