CVE-2024-0409 HIGH

CVE-2024-0409: Xorg-x11-server: selinux context corruption

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-787
Published: January 18, 2024
Last update: November 20, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Key dates

02 Disclosure timeline

January 18, 2024: CVE published
November 20, 2025: Record updated