Description
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-787CWE-787
Metadata
- Primary Vendor
- TIGERVNC
- Published
- 1/18/2024
- Last Modified
- 8/29/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
tigervnc : tigervncx.org : x_serverx.org : xwaylandfedoraproject : fedoraredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linux_desktopredhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_power_big_endianredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_scientific_computingredhat : enterprise_linux_serverredhat : enterprise_linux_workstation
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.