vulnerability
Amazon Linux 2023: CVE-2024-0409: Important priority package update for xorg-x11-server
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Jan 16, 2024 | Feb 17, 2025 | Jul 9, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jan 16, 2024
Added
Feb 17, 2025
Modified
Jul 9, 2025
Description
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Solutions
amazon-linux-2023-upgrade-xorg-x11-server-commonamazon-linux-2023-upgrade-xorg-x11-server-debuginfoamazon-linux-2023-upgrade-xorg-x11-server-debugsourceamazon-linux-2023-upgrade-xorg-x11-server-develamazon-linux-2023-upgrade-xorg-x11-server-sourceamazon-linux-2023-upgrade-xorg-x11-server-xdmxamazon-linux-2023-upgrade-xorg-x11-server-xdmx-debuginfoamazon-linux-2023-upgrade-xorg-x11-server-xephyramazon-linux-2023-upgrade-xorg-x11-server-xephyr-debuginfoamazon-linux-2023-upgrade-xorg-x11-server-xnestamazon-linux-2023-upgrade-xorg-x11-server-xnest-debuginfoamazon-linux-2023-upgrade-xorg-x11-server-xorgamazon-linux-2023-upgrade-xorg-x11-server-xorg-debuginfoamazon-linux-2023-upgrade-xorg-x11-server-xvfbamazon-linux-2023-upgrade-xorg-x11-server-xvfb-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.