Bug 2257689 (CVE-2024-0408)

Summary: CVE-2024-0408 xorg-x11-server: SELinux unlabeled GLX PBuffer
Product: [Other] Security Response
Reporter: Patrick Del Bello <pdelbell>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: security-response-team
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: xorg-server-21.1.11, xwayland-23.2.4
Doc Text:
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Bug Depends On: 2258975, 2258976    
Bug Blocks: 2256538    

Description Patrick Del Bello 2024-01-10 14:01:47 UTC
The XSELINUX code in the Xserver labels the X resources based on a hook. What happens here is that the GLX PBuffer code does not call that XACE hook when creating the buffer, so it remains unlabeled, and when the client issues another request to access that resource (as here with a GetGeometry) or even when it creates another resource which needs to access that buffer (such as a GC), the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
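
The failure mode described in the Doc Text and the description above, as a simplified C model. This is an added example, not X.Org server code and not the upstream fix; every type and function name in it is hypothetical, and the NULL test in `check_access` is an illustrative defensive check.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model, not X.Org server code; every name here is hypothetical. */
typedef struct { unsigned sid; } label_t;      /* stands in for a SID record */
typedef struct { int id; label_t *label; } resource_t;
enum { ACCESS_OK, ACCESS_DENIED, ACCESS_UNLABELED };

/* Labeling callback, playing the role of the resource-creation hook. */
static int label_hook(resource_t *r, unsigned client_sid) {
    r->label = malloc(sizeof *r->label);
    if (r->label == NULL) return -1;
    r->label->sid = client_sid;
    return 0;
}

/* Creation path that never calls the hook: the resource stays unlabeled. */
static resource_t *create_without_hook(int id) {
    resource_t *r = calloc(1, sizeof *r);
    if (r) r->id = id;
    return r;
}

/* Creation path that calls the hook and fails closed if labeling fails. */
static resource_t *create_with_hook(int id, unsigned client_sid) {
    resource_t *r = create_without_hook(id);
    if (r && label_hook(r, client_sid) != 0) { free(r); return NULL; }
    return r;
}

/* Check run on a later request. Without the NULL test, reading r->label->sid
   on an unlabeled resource is a NULL dereference. */
static int check_access(const resource_t *r, unsigned client_sid) {
    if (r == NULL || r->label == NULL) return ACCESS_UNLABELED; /* deny, no crash */
    return r->label->sid == client_sid ? ACCESS_OK : ACCESS_DENIED;
}

static void destroy(resource_t *r) { if (r) { free(r->label); free(r); } }

int main(void) {
    resource_t *pbuf = create_without_hook(1);   /* unlabeled resource */
    resource_t *win = create_with_hook(2, 7);    /* constructed SID value 7 */
    int ok = check_access(pbuf, 7) == ACCESS_UNLABELED && check_access(win, 7) == ACCESS_OK;
    destroy(pbuf); destroy(win);
    return ok ? 0 : 1;
}
```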

Comment 2 Sandipan Roy 2024-01-18 11:32:35 UTC
Created tigervnc tracking bugs for this issue:

Affects: fedora-all [bug 2258976]


Created xorg-x11-server tracking bugs for this issue:

Affects: fedora-all [bug 2258975]

Comment 4 errata-xmlrpc 2024-01-22 13:43:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:0320

Comment 5 errata-xmlrpc 2024-04-30 09:43:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2170

Comment 6 errata-xmlrpc 2024-04-30 09:43:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2169

Comment 7 errata-xmlrpc 2024-05-22 09:32:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2995

Comment 8 errata-xmlrpc 2024-05-22 09:32:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2996 https://access.redhat.com/errata/RHSA-2024:2996