A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Aug 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
X.org x Server
|
|
CPEs | cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
X.org xorg-server
|
X.org x Server
|
Tue, 17 Jun 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 22 Nov 2024 12:00:00 +0000
Mon, 16 Sep 2024 16:30:00 +0000

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-08-27T12:03:35.142Z
Reserved: 2024-01-10T21:15:38.712Z
Link: CVE-2024-0409

Updated: 2024-08-01T18:04:49.708Z

Status : Modified
Published: 2024-01-18T16:15:08.593
Modified: 2025-08-29T13:42:30.557
Link: CVE-2024-0409


No data.