CVE-2025-62230

Public on 2025-10-30
Modified on 2025-11-03
Description
When removing the Xkb resources for a client, the function XkbRemoveResourceClient() will free the XkbInterest data associated with the device, but not the resource associated with it. As a result, when the client terminates, the resource delete function triggers a use-after-free.


NOTE: https://lists.x.org/archives/xorg-announce/2025-October/003635.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/99790a2c9205a52fbbec01f21a92c9b7f4ed1d8f
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/10c94238bdad17c11707e0bdaaa3a9cd54c504be
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175 (xorg-server-21.1.19)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839 (xorg-server-21.1.19)
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core tigervnc 2025-11-10 ALAS2-2025-3065 Fixed
Amazon Linux 2023 tigervnc 2025-11-10 ALAS2023-2025-1267 Fixed
Amazon Linux 2 - Core xorg-x11-server 2025-11-10 ALAS2-2025-3066 Fixed
Amazon Linux 2023 xorg-x11-server 2025-11-10 ALAS2023-2025-1269 Fixed
Amazon Linux 2023 xorg-x11-server-Xwayland 2025-11-10 ALAS2023-2025-1268 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2025-62230 Mitre: CVE-2025-62230