Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2025-62230
7.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
created 6 months ago Activity log
  • Created suggestion 6 months ago
Xorg: xwayland: use-after-free in xkb client resource removal

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.

References

Affected products

tigervnc
  • *
xwayland
  • <24.1.9
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL