CVE-2024-0408: Improper Neutralization of Null Byte or NUL Character
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
AI Analysis
Technical Summary
CVE-2024-0408 is a vulnerability in the X.Org server's GLX PBuffer implementation, affecting xorg-server releases before 21.1.11 (and Xwayland releases before 23.2.4, which share the code). The GLX PBuffer code fails to invoke the X Access Control Extension (XACE) resource hook when the buffer is created. That hook is where the XSELINUX extension, the X server's SELinux object manager, labels a new resource with a security identifier (SID) for later access-control decisions, so a PBuffer created without it stays unlabeled. When a client later issues a request that accesses the buffer, such as GetGeometry, or creates another resource that references it, such as a Graphics Context (GC), XSELINUX looks up the buffer's SID, finds NULL, and dereferences it. The X server crashes and takes down every connected client's graphical session: a denial of service. Despite the CWE name in the title, the defect is a NULL pointer dereference caused by a missing labeling step, not a problem with NUL characters in input. The crash is only reachable when the XSELINUX extension is active, which requires a server built with SELinux support, SELinux enabled on the host, and the xserver_object_manager SELinux boolean turned on. The CVSS v3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (base score 5.5, medium): a local, low-privileged attacker who can connect to the display needs no user interaction, and the impact is to availability only. No exploitation in the wild has been reported. The flaw is a gap in resource labeling: one creation path for one resource type bypassed the common hook, and every later security check on that resource inherited the missing label.
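The labeling gap as a runnable model, added here as an example; it is not xserver code. The resource table, the hook, the SecurityId structure and the context string are invented stand-ins for the server's resource database, the XACE resource-creation hook and the XSELINUX object manager. The real server dereferences the NULL SID; this model returns ACCESS_NULL_SID at that point so the condition can be observed instead of crashing:

```c
/* Added example modelling CVE-2024-0408; not xserver code. Names and structures
 * are invented stand-ins for the resource database, XACE hook and XSELINUX. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char context[64]; } SecurityId;   /* stand-in for a SID */

typedef struct {
    unsigned xid;
    SecurityId *sid;   /* NULL: the XACE hook never labeled this resource */
} Resource;

#define MAX_RESOURCES 8
static Resource table[MAX_RESOURCES];
static size_t table_len;

void reset_resources(void) {
    while (table_len > 0)
        free(table[--table_len].sid);
}

static Resource *add_resource(unsigned xid) {
    if (table_len == MAX_RESOURCES) return NULL;
    Resource *r = &table[table_len++];
    r->xid = xid;
    r->sid = NULL;
    return r;
}

static Resource *lookup_resource(unsigned xid) {
    for (size_t i = 0; i < table_len; i++)
        if (table[i].xid == xid) return &table[i];
    return NULL;
}

/* Model of the XACE resource-creation hook: the SELinux object manager
 * labels the new resource with the creating client's context. */
static void xace_hook_create(Resource *r, const char *client_ctx) {
    SecurityId *sid = calloc(1, sizeof *sid);
    if (!sid) abort();
    strncpy(sid->context, client_ctx, sizeof sid->context - 1);
    r->sid = sid;
}

/* Unpatched: the PBuffer enters the resource database without the hook. */
Resource *create_pbuffer_unpatched(unsigned xid) {
    return add_resource(xid);
}

/* Patched: the buffer is labeled at creation like any other resource. */
Resource *create_pbuffer_patched(unsigned xid, const char *client_ctx) {
    Resource *r = add_resource(xid);
    if (r) xace_hook_create(r, client_ctx);
    return r;
}

enum { ACCESS_OK = 0, ACCESS_DENIED = 1, ACCESS_NULL_SID = -1, ACCESS_NO_SUCH = -2 };

/* Model of the XSELINUX check on a later request (GetGeometry, CreateGC).
 * The real server reads the SID without a NULL check; that is the crash. */
int xselinux_check(unsigned xid, const char *client_ctx) {
    Resource *r = lookup_resource(xid);
    if (!r) return ACCESS_NO_SUCH;
    if (r->sid == NULL)
        return ACCESS_NULL_SID;   /* real code dereferences here */
    /* Toy policy: a client may use resources carrying its own context. */
    return strcmp(r->sid->context, client_ctx) == 0 ? ACCESS_OK : ACCESS_DENIED;
}

/* CreateGC consults the drawable's label, then labels the new GC normally. */
int handle_create_gc(unsigned gc_xid, unsigned drawable, const char *client_ctx) {
    int rc = xselinux_check(drawable, client_ctx);
    if (rc != ACCESS_OK) return rc;
    Resource *gc = add_resource(gc_xid);
    if (!gc) return ACCESS_NO_SUCH;
    xace_hook_create(gc, client_ctx);
    return ACCESS_OK;
}

/* The sequence from the advisory: create the PBuffer, GetGeometry on it
 * (a plain label check), then CreateGC referencing it. First non-OK result. */
int run_scenario(int patched) {
    const char *ctx = "user_u:user_r:user_t:s0";   /* constructed context */
    reset_resources();
    Resource *pb = patched ? create_pbuffer_patched(0x200001, ctx)
                           : create_pbuffer_unpatched(0x200001);
    if (!pb) return ACCESS_NO_SUCH;
    int rc = xselinux_check(0x200001, ctx);          /* GetGeometry */
    return rc != ACCESS_OK ? rc : handle_create_gc(0x200002, 0x200001, ctx);
}

int main(void) {
    printf("unpatched: %d  patched: %d\n", run_scenario(0), run_scenario(1));
    reset_resources();
    return 0;
}
```

Compiled and run, the unpatched scenario stops at the first request that consults the buffer's label (the GetGeometry step) with ACCESS_NULL_SID, while the patched scenario passes both GetGeometry and CreateGC. The point for anyone reviewing resource-creating code is that every entry point which registers a resource must go through the common creation hook; one path that skips it leaves all later checks on that resource operating on a missing label.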
Potential Impact
The impact of CVE-2024-0408 is denial of service on hosts running an affected X.Org server (xorg-server before 21.1.11) with the XSELINUX extension active. A local attacker with low privileges and access to the display (an X connection and the matching authorization cookie) can crash the server by creating a GLX PBuffer and then issuing a request that touches it. That crash ends the graphical session of every client connected to that server, not only the attacker's. The vulnerability does not provide privilege escalation, information disclosure, or code execution, but losing the display server disrupts users and applications that depend on it, which matters most on multi-user systems, remote-desktop and thin-client hosts, and kiosks or control stations built on X. Because no user interaction is needed, the trigger can be scripted. It is not remotely exploitable unless the X server has been configured to listen on TCP, which current xorg-server releases disable by default, so exposure is limited to local users. The absence of public exploits lowers immediate risk but does not remove the need to patch.
Mitigation Recommendations
To mitigate CVE-2024-0408, apply the vendor update so that xorg-server is 21.1.11 or later (Xwayland 23.2.4 or later), or a distribution build carrying the backported fix; confirm the installed version with `Xorg -version` or the package manager rather than assuming the upgrade landed. Where patching must wait, note that the crash is a NULL pointer dereference inside the X server's own SELinux extension, so switching the kernel to permissive mode does not prevent it. What does prevent it is leaving the XSELINUX extension inactive: it initializes only when the xserver_object_manager SELinux boolean is on (check with `getsebool xserver_object_manager`; the boolean is off by default in the Fedora and RHEL policies), and the X server log records at startup whether the SELinux extension was enabled. Turning the boolean off also removes the X-level object manager and its policy checks, so treat that as a temporary measure. Restricting who can connect to the display (permissions on the X socket, per-user authorization cookies, no TCP listening) limits who can trigger the flaw. Monitor for X server crashes and restarts, for example through journalctl output from the display manager and coredumpctl entries for Xorg or Xwayland, and alert on them: an unexplained X server crash on a host with XSELINUX enabled is the observable signature of an attempt. Follow distribution security advisories for the backported fix.
Affected Countries
United States, Germany, France, United Kingdom, China, India, Japan, South Korea, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2024-01-10T21:13:58.095Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691ebfd29f5a9374a9cb42a2
Added to database: 11/20/2025, 7:14:26 AM
Last enriched: 2/28/2026, 11:01:25 AM
Last updated: 3/26/2026, 9:13:18 AM