Wind River Support Network

HomeDefectsLIN1023-3359
Fixed

LIN1023-3359 : Security Advisory - xserver-xorg - CVE-2024-0408

Created: Jan 16, 2024    Updated: Apr 2, 2025
Resolved Date: Mar 24, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.16
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

https://nvd.nist.gov/vuln/detail/CVE-2024-0408

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube