CVE-2024-0408

CVSS V2 None CVSS V3 None
Description
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Overview
  • CVE ID
  • CVE-2024-0408
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-18T15:40:06.955Z
  • Last Modified Date
  • 2024-05-29T23:25:52.111Z
Weakness Enumerations
CWE URL
CWE-158 http://cwe.mitre.org/data/definitions/158.html
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2024:0320 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2169 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2170 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2995 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2996 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-0408 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2257689 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
https://security.gentoo.org/glsa/202401-30
https://security.netapp.com/advisory/ntap-20240307-0006/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-0408
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0408
History
Created Old Value New Value Data Type Notes
2024-06-26 09:35:56 Added to TrackCVE