Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-0408

Опубликовано: 18 янв. 2024
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*
Версия до 1.13.1 (исключая)
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Версия до 21.1.11 (исключая)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
Версия до 23.2.4 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 3%
0.00019
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-158
NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2024-0408

CVSS3: 5.5
ubuntu
больше 1 года назад

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

redhat логотип

CVE-2024-0408

CVSS3: 5.5
redhat
больше 1 года назад

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

msrc логотип

CVE-2024-0408

CVSS3: 5.5
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2024-0408

CVSS3: 5.5
debian
больше 1 года назад

A flaw was found in the X.Org server. The GLX PBuffer code does not ca ...

github логотип

GHSA-rcj8-jx65-7c4r

CVSS3: 5.5
github
больше 1 года назад

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

EPSS

Процентиль: 3%
0.00019
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-158
NVD-CWE-Other