Description
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Problem types
Product status
0:24.1.5-5.el10_0 (rpm) before *
0:24.1.5-5.el10_1 (rpm) before *
0:21.1.3-19.el8_10 (rpm) before *
0:1.20.11-27.el8_10 (rpm) before *
0:1.15.0-8.el8_10 (rpm) before *
0:1.20.11-32.el9_6 (rpm) before *
0:1.14.1-9.el9_6 (rpm) before *
0:23.2.7-5.el9_6 (rpm) before *
0:1.15.0-6.el9_7 (rpm) before *
0:23.2.7-5.el9_7 (rpm) before *
0:1.20.11-32.el9_7 (rpm) before *
Timeline
| 2025-10-09: | Reported to Red Hat. |
| 2025-10-29: | Made public. |
Credits
Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
References
lists.debian.org/debian-lts-announce/2025/10/msg00033.html
www.openwall.com/lists/oss-security/2025/10/28/7
access.redhat.com/errata/RHSA-2025:19432 (RHSA-2025:19432)
access.redhat.com/errata/RHSA-2025:19433 (RHSA-2025:19433)
access.redhat.com/errata/RHSA-2025:19434 (RHSA-2025:19434)
access.redhat.com/errata/RHSA-2025:19435 (RHSA-2025:19435)
access.redhat.com/errata/RHSA-2025:19489 (RHSA-2025:19489)
access.redhat.com/errata/RHSA-2025:19623 (RHSA-2025:19623)
access.redhat.com/errata/RHSA-2025:19909 (RHSA-2025:19909)
access.redhat.com/errata/RHSA-2025:20958 (RHSA-2025:20958)
access.redhat.com/errata/RHSA-2025:20960 (RHSA-2025:20960)
access.redhat.com/errata/RHSA-2025:20961 (RHSA-2025:20961)
access.redhat.com/errata/RHSA-2025:21035 (RHSA-2025:21035)
access.redhat.com/security/cve/CVE-2025-62229
bugzilla.redhat.com/show_bug.cgi?id=2402649 (RHBZ#2402649)
