CVE-2024-0409

Name: CVE-2024-0409
Description: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
NVD Severity: unknown

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2024-0409
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2257690
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240307-0006/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:* tigervnc >= None < 1.13.1
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* xorg-server >= None < 21.1.11
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* xwayland >= None < 23.2.4
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* x_server >= None < 21.1.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xwayland edge-community 23.2.4-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland edge-community 23.2.2-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland edge-community 22.1.8-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 22.1.6-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 21.1.4-r0 None possibly vulnerable
xwayland edge-community 21.1.0-r4 None possibly vulnerable
xwayland 3.22-community 23.2.4-r0 None fixed
xwayland 3.22-community 23.2.2-r0 None fixed
xwayland 3.22-community 22.1.8-r0 None fixed
xwayland 3.22-community 22.1.6-r0 None fixed
xwayland 3.22-community 21.1.4-r0 None possibly vulnerable
xwayland 3.22-community 21.1.0-r4 None possibly vulnerable
xwayland 3.21-community 23.2.4-r0 None fixed
xwayland 3.20-community 23.2.4-r0 None fixed
xwayland 3.19-community 23.2.4-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server edge-community 21.1.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server edge-community 21.1.10-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 21.1.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xorg-server edge-community 1.20.10-r5 None possibly vulnerable
xorg-server edge-community 1.20.10-r0 None possibly vulnerable
xorg-server edge-community 1.20.9-r0 None possibly vulnerable
xorg-server edge-community 1.20.8-r4 None possibly vulnerable
xorg-server edge-community 1.20.3-r0 None possibly vulnerable
xorg-server edge-community 1.19.5-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.11-r0 None fixed
xorg-server 3.22-community 21.1.10-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.9-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.7-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.5-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.4-r0 None possibly vulnerable
xorg-server 3.22-community 21.1.2-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.10-r5 None possibly vulnerable
xorg-server 3.22-community 1.20.10-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.9-r0 None possibly vulnerable
xorg-server 3.22-community 1.20.8-r4 None possibly vulnerable
xorg-server 3.22-community 1.20.3-r0 None possibly vulnerable
xorg-server 3.22-community 1.19.5-r0 None possibly vulnerable
xorg-server 3.21-community 21.1.11-r0 None fixed
xorg-server 3.20-community 21.1.11-r0 None fixed
xorg-server 3.19-community 21.1.11-r0 Natanael Copa <ncopa@alpinelinux.org> fixed