CVE-2025-49177

MEDIUM

xwayland < 24.1.7 - Exposure of Sensitive Information via XFIXES Extension Request Length Validation

Title source: llm

Description

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

References (7)

Core 7

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10258

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9303

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9304

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-49177

Patch

https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af

Third Party Advisory

https://www.x.org/wiki/Development/Security/

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2369955

Scores

CVSS v3 6.1

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (9)

Red Hat/Red Hat Enterprise Linux 10 0:24.1.5-4.el10_0

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat Enterprise Linux 9 0:1.20.11-31.el9_6

Red Hat/Red Hat Enterprise Linux 9 0:23.2.7-4.el9_6

Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support 0:22.1.9-6.el9_4

X.Org/xwayland < 24.1.7

Published Jun 17, 2025

Tracked Since Feb 18, 2026