Vulnerability CVE-2024-0408: Information

Description

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-0408
Published: Jan. 18, 2024
Modified: April 30, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
tigervncc10f11.13.1-alt21.13.1-alt2ALT-PU-2024-3843-3342557Fixed
tigervncc9f21.13.1-alt21.13.1-alt2ALT-PU-2024-1936-3340033Fixed
xorg-serversisyphus_riscv6421.1.11-alt121.1.13-alt1ALT-PU-2024-2940-1-Fixed
xorg-serverp101.20.14-alt111.20.14-alt12ALT-PU-2024-1183-2338291Fixed
xorg-serverp91.20.8-alt121.20.8-alt12ALT-PU-2024-1181-2338294Fixed
xorg-serverc10f11.20.14-alt111.20.14-alt12ALT-PU-2024-4743-2343922Fixed
xorg-serverc9f21.20.8-alt121.20.8-alt12ALT-PU-2024-3261-2341756Fixed
xorg-xwaylandsisyphus23.2.4-alt123.2.6-alt1ALT-PU-2024-5972-1338286Fixed
xorg-xwaylandp1023.1.1-alt423.1.1-alt5ALT-PU-2024-1182-2338291Fixed
xorg-xwaylandc10f123.1.1-alt423.1.1-alt5ALT-PU-2024-4745-2343922Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2024-0408
  • Third Party Advisory
RHBZ#2257689
  • Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
  • Mailing List
  • Third Party Advisory
RHSA-2024:0320
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
  • Mailing List
  • Third Party Advisory
https://security.gentoo.org/glsa/202401-30
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
      https://security.netapp.com/advisory/ntap-20240307-0006/
        RHSA-2024:2169
          RHSA-2024:2170

              1. Configuration 1

                cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
                End excliding
                23.2.4
                cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
                End excliding
                21.1.11
                cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*
                End excliding
                1.13.1

                Configuration 2

                cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
                cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.0
            Back to top