Rapid7 Vulnerability & Exploit Database

Alma Linux: CVE-2024-0408: Moderate: xorg-x11-server security update (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Alma Linux: CVE-2024-0408: Moderate: xorg-x11-server security update (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/18/2024
Created
05/08/2024
Added
05/08/2024
Modified
05/08/2024

Description

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

Solution(s)

  • alma-upgrade-xorg-x11-server-Xdmx
  • alma-upgrade-xorg-x11-server-Xephyr
  • alma-upgrade-xorg-x11-server-Xnest
  • alma-upgrade-xorg-x11-server-Xorg
  • alma-upgrade-xorg-x11-server-Xvfb
  • alma-upgrade-xorg-x11-server-Xwayland
  • alma-upgrade-xorg-x11-server-common
  • alma-upgrade-xorg-x11-server-devel
  • alma-upgrade-xorg-x11-server-source

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;