PT-2024-1242 · X.Org+9 · Xwayland+10
Patrick Del Bello · Published 2024-01-16 · Updated 2025-09-15
CVE-2024-0408
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
X.Org server versions prior to 21.1.11
Xwayland versions prior to 23.2.4
Description
A flaw was found in the GLX PBuffer code of the X.Org server: it does not call the XACE hook when creating the buffer, so the buffer is left unlabeled. When the XSELINUX code later tries to access the buffer, it can crash because the SID is NULL. The issue is a pointer dereference error in the GLX PBuffer Handler component of the X Window System X.Org Server. Exploitation of this issue can allow an attacker to cause a denial of service.
Recommendations
For X.Org server versions prior to 21.1.11, update to version 21.1.11 or later to resolve the issue.
For Xwayland versions prior to 23.2.4, update to version 23.2.4 or later to resolve the issue.
As a temporary workaround, consider disabling the SELinux xserver object manager to minimize the risk of exploitation.
Affected Products
Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
X.Org Server
Xwayland