PT-2024-1243 · X.Org+9 · X.Org Server+10
Patrick Del Bello
Published: 2024-01-16 · Updated: 2025-09-15
CVE-2024-0409
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
X.Org Server versions prior to 21.1.11
Xwayland versions prior to 23.2.4
Description
A flaw was found in the X.Org server, specifically in the cursor code of Xephyr and Xwayland, which uses the wrong type of private at creation. This issue is related to a buffer overflow in the Privates Handler component of the X Window System X.Org Server, allowing an attacker to execute arbitrary code.
Recommendations
For X.Org Server versions prior to 21.1.11, update to version 21.1.11 or later.
For Xwayland versions prior to 23.2.4, update to version 23.2.4 or later.
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu
X.Org Server
Xwayland