CVE-2024-0408 – Xorg-x11-server: selinux unlabeled glx pbuffer
https://notcve.org/view.php?id=CVE-2024-0408
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. Se encontró una falla en el servidor X.Org. El código GLX PBuffer no llama al gancho XACE al crear el búfer, dejándolo sin etiquetar. • https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2996 https://access.redhat.com/security/cve/CVE-2024-0408 https://bugzilla.redhat.com/show_bug.cgi?id=2257689 https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists& • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVE-2023-6816 – Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
https://notcve.org/view.php?id=CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. Se encontró un fallo en el servidor X.Org. Tanto DeviceFocusEvent como la respuesta de XIQueryPointer contienen un bit para cada botón lógico actualmente presionado. • http://www.openwall.com/lists/oss-security/2024/01/18/1 https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:0557 https://access.redhat.com/errata/RHSA-2024:0558 https://access.redhat.com/errata/RHSA-2024:0597 https://access.redhat.com/errata/RHSA-2024:0607 https://access.redhat.com/errata/RHSA-2024:0614 https://access.redhat.com/errata/RHSA-2024:0617 https://access.redhat.com/errata/RHSA-2024:0621 https://access.redhat.com& • CWE-787: Out-of-bounds Write •
CVE-2024-0409 – Xorg-x11-server: selinux context corruption
https://notcve.org/view.php?id=CVE-2024-0409
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. Se encontró una falla en el servidor X.Org. El código del cursor tanto en Xephyr como en Xwayland utiliza el tipo incorrecto de privado en el momento de la creación. • https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2996 https://access.redhat.com/security/cve/CVE-2024-0409 https://bugzilla.redhat.com/show_bug.cgi?id=2257690 https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists& • CWE-787: Out-of-bounds Write •
CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1393
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window (aka COW), where Xserver leaves a dangling pointer to that window in the CompScreen structure, which will later trigger a use-after-free issue. • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-416: Use After Free •
CVE-2022-2319 – X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2319
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. Se ha encontrado un fallo en Xorg-x11-server. Puede producirse un problema de acceso fuera de límites en la función ProcXkbSetGeometry debido a una comprobación inapropiada de la longitud de la petición This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ProcXkbSetGeometry requests. • https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939 https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html https://security.gentoo.org/glsa/202210-30 https://security.netapp.com/advisory/ntap-20221104-0003 https://www.zerodayinitiative.com/advisories/ZDI-22-964 https://access.redhat.com/security/cve/CVE-2022-2319 https://bugzilla.redhat.com/show_bug.cgi?id=2106671 • CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •