Unknown
CVE-2024-0408
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2024-0408
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- fedoraproject,
- redhat,
- tigervnc,
- x.org
Products
- enterprise linux 6.0,
- enterprise linux 7.0,
- enterprise linux 8.0,
- enterprise linux 9.0,
- enterprise linux desktop 7.0,
- enterprise linux for ibm z systems 7.0,
- enterprise linux for power big endian 7.0,
- enterprise linux for power little endian 7.0,
- enterprise linux for scientific computing 7.0,
- enterprise linux server 7.0,
- enterprise linux workstation 7.0,
- fedora 39,
- tigervnc,
- xorg-server,
- xwayland
References
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
