7.8

CVE-2024-0409

EPSS 0.02%
Veröffentlicht 18.01.2024 16:15:08
Zuletzt bearbeitet 29.08.2025 13:42:30
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version < 1.13.1

X.Org ≫ X Server Version < 21.1.11

X.Org ≫ Xwayland Version < 23.2.4

Fedoraproject ≫ Fedora Version39

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.025

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://security.gentoo.org/glsa/202401-30

https://access.redhat.com/errata/RHSA-2024:0320

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

https://security.netapp.com/advisory/ntap-20240307-0006/

https://access.redhat.com/security/cve/CVE-2024-0409

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2257690

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-0409

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0409

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0409

EUVD