7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%
X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused due to the cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
access.redhat.com/errata/RHSA-2024:0320
access.redhat.com/errata/RHSA-2024:2169
access.redhat.com/errata/RHSA-2024:2170
access.redhat.com/errata/RHSA-2024:2995
access.redhat.com/errata/RHSA-2024:2996
access.redhat.com/security/cve/CVE-2024-0409
bugzilla.redhat.com/show_bug.cgi?id=2257690
lists.debian.org/debian-lts-announce/2024/01/msg00016.html
lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
security-tracker.debian.org/tracker/CVE-2024-0409
security.gentoo.org/glsa/202401-30
security.netapp.com/advisory/ntap-20240307-0006/
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%