CVERadar

CVE-2024-0409

Critical Severity
X.org
SVRS: 70/100
CVSSv3: 7.8/10
EPSS: 0.0001/1

CVE-2024-0409 is a critical security vulnerability found in the X.Org server that can lead to security context overwrites. The vulnerability stems from incorrect private type usage in the cursor code of Xephyr and Xwayland. This leads to the XSELINUX context being overwritten during cursor initialization. Although the CVSS score is 7.8, SOCRadar's Vulnerability Risk Score (SVRS) is 70, indicating a significant risk, even though it does not reach the threshold for immediate action. This flaw allows a local attacker to potentially escalate privileges by manipulating the XSELINUX context. Immediate patching of the X.Org server is crucial to mitigate this risk and prevent potential exploitation. This vulnerability is significant due to its potential impact on system security and the wide usage of X.Org servers.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-01-18

2024-09-16

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Long Term Support Channel Update for ChromeOS
Giuliana Pritchard, 2024-05-13
LTS-120 is being updated in the LTS (Long Term Support) channel, version 120.0.6099.310 (Platform Version: 15662.107.0), for most ChromeOS devices.
cve-2024-0409
cve-2024-4331
cve-2024-4671
cve-2024-21626


Affected Software

Configuration 1

| Type | Vendor | Product |
|------|--------|---------|
| App | X.org | xwayland |
| App | X.org | xorg-server |
| App | Tigervnc | tigervnc |

Configuration 2

| Type | Vendor | Product |
|------|--------|---------|
| OS | Redhat | enterprise_linux |
| OS | Redhat | enterprise_linux_desktop |
| OS | Redhat | enterprise_linux_workstation |
| OS | Fedoraproject | fedora |
| OS | Redhat | enterprise_linux_for_scientific_computing |
| OS | Redhat | enterprise_linux_server |
| OS | Redhat | enterprise_linux_for_power_big_endian |
| OS | Redhat | enterprise_linux_for_power_little_endian |
| OS | Redhat | enterprise_linux_for_ibm_z_systems |

References

https://access.redhat.com/security/cve/CVE-2024-0409
https://bugzilla.redhat.com/show_bug.cgi?id=2257690
https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
https://access.redhat.com/errata/RHSA-2024:0320
https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
https://security.gentoo.org/glsa/202401-30
https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
https://security.netapp.com/advisory/ntap-20240307-0006/
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996

CWE Details

| CWE ID | CWE Name | Description |
|--------|----------|-------------|
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
