CVE-2025-62230

HIGH

Xwayland < 24.1.9 - Use-After-Free in Xkb Extension Client Resource Cleanup

Title source: llm

Description

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.

References (38)

Core 38

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19432

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19433

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19434

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19435

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19489

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19623

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19909

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:20958

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:20960

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:20961

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:21035

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22040

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22041

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22051

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22055

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22056

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22077

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22096

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22164

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22167

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22364

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22365

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22426

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22427

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22667

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22729

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22742

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22753

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0031

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0033

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0034

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0035

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0036

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-62230

https://lists.x.org/archives/xorg-announce/2025-October/003635.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/10/28/7

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2402653

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (46)

Red Hat/Red Hat Enterprise Linux 10 0:24.1.5-5.el10_0

Red Hat/Red Hat Enterprise Linux 10 0:24.1.5-5.el10_1

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.15

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-33.el7_9

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.8.0-36.el7_9.3

Red Hat/Red Hat Enterprise Linux 8 0:1.15.0-8.el8_10

Red Hat/Red Hat Enterprise Linux 8 0:1.20.11-27.el8_10

Red Hat/Red Hat Enterprise Linux 8 0:21.1.3-19.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:1.20.6-5.el8_2

... and 36 more

Published Oct 30, 2025

Tracked Since Feb 18, 2026