← back
CVE-2024-0409

Xorg-x11-server: selinux context corruption

CVSS 7.8 HIGHEPSS 0.4%CWE-787
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
18 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →