Untriaged
Permalink
CVE-2025-62230
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Xorg: xwayland: use-after-free in xkb client resource removal
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
References
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
- RHSA-2025:19432 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19433 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19434 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19435 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19489 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19623 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19909 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20958 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20960 x_refsource_REDHAT vendor-advisory
- RHSA-2025:20961 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21035 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22040 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22041 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22051 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22055 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22056 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22077 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22096 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22164 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22167 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22364 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22365 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22426 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22667 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22729 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22742 x_refsource_REDHAT vendor-advisory
- RHSA-2025:22753 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0031 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0033 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0034 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0035 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0036 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-62230 x_refsource_REDHAT vdb-entry
- RHBZ#2402653 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
- http://www.openwall.com/lists/oss-security/2025/10/28/7
Affected products
tigervnc
- *
xwayland
- <24.1.9
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *