ГлавнаяУязвимости → CVE-2024-0409
7.8высокая

CVE-2024-0409

→ есть в БДУ: BDU:2024-00639 (на русском)
Описание (на английском; русское — в БДУ выше)

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Затрагиваемое ПО
Tigervnc TigervncX.org X serverX.org XwaylandFedoraproject FedoraRedhat Enterprise linuxRedhat Enterprise linux desktopRedhat Enterprise linux for ibm z systemsRedhat Enterprise linux for power big endianRedhat Enterprise linux for power little endianRedhat Enterprise linux for scientific computingRedhat Enterprise linux serverRedhat Enterprise linux workstation
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://access.redhat.com/errata/RHSA-2024:0320https://access.redhat.com/errata/RHSA-2024:2169https://access.redhat.com/errata/RHSA-2024:2170https://access.redhat.com/errata/RHSA-2024:2995https://access.redhat.com/errata/RHSA-2024:2996https://access.redhat.com/security/cve/CVE-2024-0409https://bugzilla.redhat.com/show_bug.cgi?id=2257690https://access.redhat.com/errata/RHSA-2024:0320