Unrated severity · OSV Advisory · Published Jan 18, 2024 · Updated Nov 20, 2025
Xorg-x11-server: selinux context corruption
CVE-2024-0409
Description
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Affected products
- osv-coords (49 versions)
  - pkg:apk/chainguard/gtf
  - pkg:apk/chainguard/Xnest
  - pkg:apk/chainguard/xorg-server
  - pkg:apk/chainguard/xorg-server-common
  - pkg:apk/chainguard/xorg-server-dev
  - pkg:apk/chainguard/xorg-server-doc
  - pkg:apk/chainguard/Xvfb
  - pkg:apk/chainguard/xvfb-run
  - pkg:apk/wolfi/gtf
  - pkg:apk/wolfi/Xnest
  - pkg:apk/wolfi/xorg-server
  - pkg:apk/wolfi/xorg-server-common
  - pkg:apk/wolfi/xorg-server-dev
  - pkg:apk/wolfi/xorg-server-doc
  - pkg:apk/wolfi/Xvfb
  - pkg:apk/wolfi/xvfb-run
  - pkg:rpm/almalinux/xorg-x11-server-common
  - pkg:rpm/almalinux/xorg-x11-server-devel
  - pkg:rpm/almalinux/xorg-x11-server-source
  - pkg:rpm/almalinux/xorg-x11-server-Xdmx
  - pkg:rpm/almalinux/xorg-x11-server-Xephyr
  - pkg:rpm/almalinux/xorg-x11-server-Xnest
  - pkg:rpm/almalinux/xorg-x11-server-Xorg
  - pkg:rpm/almalinux/xorg-x11-server-Xvfb
  - pkg:rpm/almalinux/xorg-x11-server-Xwayland
  - pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Proxy%204.3
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Server%204.3
  - pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 21.1.10-r5
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 1.20.11-24.el9
- (no CPE) range: < 22.1.9-5.el9
- (no CPE) range: < 21.1.4-150500.7.21.1
- (no CPE) range: < 21.1.11-1.1
- (no CPE) range: < 22.1.5-150500.7.17.1
- (no CPE) range: < 23.2.4-1.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 21.1.4-150500.7.21.1
- (no CPE) range: < 21.1.4-150500.7.21.1
- (no CPE) range: < 1.19.6-10.68.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 1.19.6-10.68.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 1.19.6-10.68.1
- (no CPE) range: < 1.20.3-150200.22.5.91.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 1.20.3-150400.38.43.1
- (no CPE) range: < 22.1.5-150500.7.17.1
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2024:0320 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2169 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2170 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2995 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2996 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-0409 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)