Description
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Problem types
Product status
Timeline
| 2025-10-09: | Reported to Red Hat. |
| 2025-10-29: | Made public. |
Credits
Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
References
access.redhat.com/security/cve/CVE-2025-62230
bugzilla.redhat.com/show_bug.cgi?id=2402653 (RHBZ#2402653)
