Untriaged
CVE-2024-0409
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Xorg-x11-server: selinux context corruption
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
References
https://security.gentoo.org/glsa/202401-30 x_transferred
https://security.netapp.com/advisory/ntap-20240307-0006/ x_transferred
Affected products
tigervnc
xwayland
- ==23.2.4
xorg-server
- <21.1.11
- ==21.1.11
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *
Matching in nixpkgs
pkgs.tigervnc
Fork of tightVNC, made in cooperation with VirtualGL
pkgs.xorg.xorgserver