7.8

CVE-2024-0409

EPSS 0.02%
Published 18.01.2024 16:15:08
Last modified 29.08.2025 13:42:30
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Affected products Warnungen 0 Metrics 3 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version < 1.13.1

X.Org ≫ X Server Version < 21.1.11

X.Org ≫ Xwayland Version < 23.2.4

Fedoraproject ≫ Fedora Version39

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.025

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://security.gentoo.org/glsa/202401-30

https://access.redhat.com/errata/RHSA-2024:0320

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

https://security.netapp.com/advisory/ntap-20240307-0006/

https://access.redhat.com/security/cve/CVE-2024-0409

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2257690

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-0409

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0409

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0409

EUVD