Code injection

2024-01-1816:15:00

PRIOn knowledge base

www.prio-n.com

x.org server

xephyr

xwayland

code injection

cursor code

security flaw

nvd

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.2%

JSON

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CPENameOperatorVersion
fedoraeq39
enterprise_linuxeq7.0
enterprise_linuxeq6.0
enterprise_linuxeq8.0
enterprise_linuxeq9.0
enterprise_linux_desktopeq7.0
enterprise_linux_for_ibm_z_systemseq7.0
enterprise_linux_for_power_big_endianeq7.0
enterprise_linux_for_power_little_endianeq7.0
enterprise_linux_for_scientific_computingeq7.0

Name	Operator	Version
fedora	eq	39
enterprise_linux	eq	7.0
enterprise_linux	eq	6.0
enterprise_linux	eq	8.0
enterprise_linux	eq	9.0
enterprise_linux_desktop	eq	7.0
enterprise_linux_for_ibm_z_systems	eq	7.0
enterprise_linux_for_power_big_endian	eq	7.0
enterprise_linux_for_power_little_endian	eq	7.0
enterprise_linux_for_scientific_computing	eq	7.0