CVE-2024-0408

Severity

55%

Complexity

18%

Confidentiality

60%

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Overview

First reported: 2024-01-18 16:15:00

Last updated: 2024-11-21 08:46:00

Affected Software

TigerVNC

RedHat Enterprise Linux Desktop 7.0

RedHat Enterprise Linux Workstation 7.0

Red Hat Enterprise Linux (RHEL) 7.0 (7)

Red Hat Enterprise Linux 6.0

RedHat Enterprise Linux Server 7.0

Red Hat Enterprise Linux 8.0
