Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
173 vulnerabilities by X.Org
CVE-2026-50263 (GCVE-0-2026-50263)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-11 18:15
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50263 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485388 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T16:01:18.730750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:01:30.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:15:29.552Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50263"
},
{
"name": "RHBZ#2485388",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485388"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50263",
"datePublished": "2026-06-05T10:36:46.377Z",
"dateReserved": "2026-06-04T14:55:24.012Z",
"dateUpdated": "2026-06-11T18:15:29.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50262 (GCVE-0-2026-50262)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-09 14:37
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
Summary
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50262 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485387 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:37:02.899907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:37:51.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:36:43.916Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50262"
},
{
"name": "RHBZ#2485387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50262",
"datePublished": "2026-06-05T10:36:43.916Z",
"dateReserved": "2026-06-04T14:55:24.012Z",
"dateUpdated": "2026-06-09T14:37:51.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50264 (GCVE-0-2026-50264)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-10 03:58
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds heap write in dri2 drigetbuffers/drigetbufferswithformat
Summary
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50264 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485389 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:47.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Peter Hutterer (Red Hat)."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:36:37.352Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50264"
},
{
"name": "RHBZ#2485389",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485389"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/339c279514326134b0878fc23ce6e9520440ce7f"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds heap write in dri2 drigetbuffers/drigetbufferswithformat",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50264",
"datePublished": "2026-06-05T10:36:37.352Z",
"dateReserved": "2026-06-04T14:55:24.012Z",
"dateUpdated": "2026-06-10T03:58:47.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50261 (GCVE-0-2026-50261)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-06 03:56
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50261 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485386 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T03:56:14.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:36:33.418Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50261"
},
{
"name": "RHBZ#2485386",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485386"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50261",
"datePublished": "2026-06-05T10:36:33.418Z",
"dateReserved": "2026-06-04T14:55:24.012Z",
"dateUpdated": "2026-06-06T03:56:14.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50260 (GCVE-0-2026-50260)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:36 – Updated: 2026-06-10 03:58
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50260 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485385 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:48.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:36:30.319Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50260"
},
{
"name": "RHBZ#2485385",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485385"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50260",
"datePublished": "2026-06-05T10:36:30.319Z",
"dateReserved": "2026-06-04T14:55:24.011Z",
"dateUpdated": "2026-06-10T03:58:48.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50258 (GCVE-0-2026-50258)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:31 – Updated: 2026-06-10 03:58
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50258 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485383 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:50.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:31:39.316Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50258"
},
{
"name": "RHBZ#2485383",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485383"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/543e108516428fc8c3bea91d6563ad266f9a801e"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50258",
"datePublished": "2026-06-05T10:31:39.316Z",
"dateReserved": "2026-06-04T14:55:24.011Z",
"dateUpdated": "2026-06-10T03:58:50.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50259 (GCVE-0-2026-50259)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:31 – Updated: 2026-06-10 03:58
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50259 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485384 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:51.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:31:39.152Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50259"
},
{
"name": "RHBZ#2485384",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485384"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50259",
"datePublished": "2026-06-05T10:31:39.152Z",
"dateReserved": "2026-06-04T14:55:24.011Z",
"dateUpdated": "2026-06-10T03:58:51.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50256 (GCVE-0-2026-50256)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:31 – Updated: 2026-06-10 13:34
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
Summary
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50256 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485380 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T03:58:53.147448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T13:34:18.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library\u0027s maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2\u0027s alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:31:22.122Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50256"
},
{
"name": "RHBZ#2485380",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485380"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50256",
"datePublished": "2026-06-05T10:31:22.122Z",
"dateReserved": "2026-06-04T14:55:24.011Z",
"dateUpdated": "2026-06-10T13:34:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50257 (GCVE-0-2026-50257)
Vulnerability from cvelistv5 – Published: 2026-06-05 10:31 – Updated: 2026-06-10 03:58
VLAI
Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()
Summary
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-50257 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485382 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://lists.x.org/archives/xorg-announce/2026-J… | |
| https://redhat.atlassian.net/browse/PSIRTSUPT-16950 |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-06-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:53.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2026-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T10:31:22.052Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-50257"
},
{
"name": "RHBZ#2485382",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485382"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2026-June/003702.html"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-16950"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T03:14:46.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-02T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-50257",
"datePublished": "2026-06-05T10:31:22.052Z",
"dateReserved": "2026-06-04T14:55:24.011Z",
"dateUpdated": "2026-06-10T03:58:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34002 (GCVE-0-2026-34002)
Vulnerability from cvelistv5 – Published: 2026-05-05 14:41 – Updated: 2026-06-08 03:30
VLAI
Title
Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling
Summary
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
26 references
Impacted products
38 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:24.1.5-6.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.16 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-34.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.4 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-4.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-4.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.17 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.17 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-13.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-18.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-13.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-5.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-13.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-10.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-20.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-28.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-8.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:1.20.11-33.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:23.2.7-6.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:1.14.1-10.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-05-05 14:01
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:27:00.488000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:27:54.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-6.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-34.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-4.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-4.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-13.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-13.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-5.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-13.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-10.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-20.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-8.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-33.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-10.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2026-05-05T14:01:46.686Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T03:30:19.183Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:20547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20547"
},
{
"name": "RHSA-2026:20555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20555"
},
{
"name": "RHSA-2026:20557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20557"
},
{
"name": "RHSA-2026:20558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20558"
},
{
"name": "RHSA-2026:20560",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20560"
},
{
"name": "RHSA-2026:20561",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
},
{
"name": "RHSA-2026:20562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
},
{
"name": "RHSA-2026:20563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20563"
},
{
"name": "RHSA-2026:20575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20575"
},
{
"name": "RHSA-2026:20576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20576"
},
{
"name": "RHSA-2026:20590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20590"
},
{
"name": "RHSA-2026:21699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21699"
},
{
"name": "RHSA-2026:21712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21712"
},
{
"name": "RHSA-2026:21715",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21715"
},
{
"name": "RHSA-2026:21716",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21716"
},
{
"name": "RHSA-2026:21718",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21718"
},
{
"name": "RHSA-2026:21741",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21741"
},
{
"name": "RHSA-2026:21742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21742"
},
{
"name": "RHSA-2026:22424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22424"
},
{
"name": "RHSA-2026:22456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22456"
},
{
"name": "RHSA-2026:23254",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
},
{
"name": "RHSA-2026:23255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23255"
},
{
"name": "RHSA-2026:23496",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23496"
},
{
"name": "RHSA-2026:24341",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24341"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34002"
},
{
"name": "RHBZ#2451112",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451112"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T07:09:50.953Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-05T14:01:46.686Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, restrict access to the X11 server. If the X.Org X server is not required on a system, consider disabling or uninstalling it. For systems where the X server is necessary, ensure that access is limited to trusted users and networks. This can involve configuring `xhost` or implementing firewall rules to restrict connections to the X server. Any changes to X server configuration or service status may require a restart of the X server for the mitigation to take effect, which will impact active graphical sessions."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-805: Buffer Access with Incorrect Length Value"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-34002",
"datePublished": "2026-05-05T14:41:10.065Z",
"dateReserved": "2026-03-25T04:53:13.615Z",
"dateUpdated": "2026-06-08T03:30:19.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34000 (GCVE-0-2026-34000)
Vulnerability from cvelistv5 – Published: 2026-05-05 14:41 – Updated: 2026-06-08 03:30
VLAI
Title
Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.
Summary
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
27 references
Impacted products
39 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:24.1.5-6.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.16 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-34.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.4 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-4.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-4.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.17 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.17 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-7.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-13.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-18.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-13.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.15.0-7.el9_8.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-5.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-13.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.17 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-10.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-20.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-28.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-8.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:1.20.11-33.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:23.2.7-6.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:1.14.1-10.el9_6 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-05-05 14:01
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:51:27.642857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T18:52:32.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-6.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-34.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-4.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-4.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-7.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-13.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-13.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el9_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-5.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-13.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.17",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-10.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-20.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-8.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-33.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-6.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-10.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2026-05-05T14:01:15.690Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T03:30:12.287Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:19342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19342"
},
{
"name": "RHSA-2026:20547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20547"
},
{
"name": "RHSA-2026:20555",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20555"
},
{
"name": "RHSA-2026:20557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20557"
},
{
"name": "RHSA-2026:20558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20558"
},
{
"name": "RHSA-2026:20560",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20560"
},
{
"name": "RHSA-2026:20561",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20561"
},
{
"name": "RHSA-2026:20562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20562"
},
{
"name": "RHSA-2026:20563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20563"
},
{
"name": "RHSA-2026:20575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20575"
},
{
"name": "RHSA-2026:20576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20576"
},
{
"name": "RHSA-2026:20590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20590"
},
{
"name": "RHSA-2026:21699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21699"
},
{
"name": "RHSA-2026:21712",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21712"
},
{
"name": "RHSA-2026:21715",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21715"
},
{
"name": "RHSA-2026:21716",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21716"
},
{
"name": "RHSA-2026:21718",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21718"
},
{
"name": "RHSA-2026:21741",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21741"
},
{
"name": "RHSA-2026:21742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21742"
},
{
"name": "RHSA-2026:22424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22424"
},
{
"name": "RHSA-2026:22456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22456"
},
{
"name": "RHSA-2026:23254",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23254"
},
{
"name": "RHSA-2026:23255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23255"
},
{
"name": "RHSA-2026:23496",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23496"
},
{
"name": "RHSA-2026:24341",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24341"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34000"
},
{
"name": "RHBZ#2451107",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451107"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T06:37:44.196Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-05T14:01:15.690Z",
"value": "Made public."
}
],
"title": "Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this vulnerability, restrict access to the X11 server. On systems where a graphical environment is not required, consider disabling the X server entirely by setting the default system target to multi-user mode. For systems requiring the X server, ensure that X11 forwarding is disabled in SSH configurations if not explicitly needed, and restrict direct X11 connections to trusted users and networks through firewall rules. If changes are made to SSH configuration, the `sshd` service must be restarted. If the default system target is changed, a system reboot is required."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-34000",
"datePublished": "2026-05-05T14:41:05.468Z",
"dateReserved": "2026-03-25T04:53:13.614Z",
"dateUpdated": "2026-06-08T03:30:12.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62229 (GCVE-0-2025-62229)
Vulnerability from cvelistv5 – Published: 2025-10-30 05:28 – Updated: 2026-04-20 13:50
VLAI
Title
Xorg: xmayland: use-after-free in xpresentnotify structure creation
Summary
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
38 references
Impacted products
46 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | Xwayland |
Affected:
1.15.0 , < 24.1.9
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.15 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-33.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.3 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-19.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-27.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-8.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-5.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-9.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.15.0-6.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.16 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-12.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-4.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-19.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-9.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-27.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-7.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-10-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T03:55:33.342598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:53.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:17.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "Xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.9",
"status": "affected",
"version": "1.15.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-33.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-19.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-8.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-5.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-9.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-6.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-12.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-4.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-19.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-9.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-7.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2025-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:50:16.096Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:19432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19432"
},
{
"name": "RHSA-2025:19433",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19433"
},
{
"name": "RHSA-2025:19434",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19434"
},
{
"name": "RHSA-2025:19435",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19435"
},
{
"name": "RHSA-2025:19489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19489"
},
{
"name": "RHSA-2025:19623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19623"
},
{
"name": "RHSA-2025:19909",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19909"
},
{
"name": "RHSA-2025:20958",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20958"
},
{
"name": "RHSA-2025:20960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20960"
},
{
"name": "RHSA-2025:20961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20961"
},
{
"name": "RHSA-2025:21035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21035"
},
{
"name": "RHSA-2025:22040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22040"
},
{
"name": "RHSA-2025:22041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22041"
},
{
"name": "RHSA-2025:22051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22051"
},
{
"name": "RHSA-2025:22055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22055"
},
{
"name": "RHSA-2025:22056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22056"
},
{
"name": "RHSA-2025:22077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22077"
},
{
"name": "RHSA-2025:22096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22096"
},
{
"name": "RHSA-2025:22164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22164"
},
{
"name": "RHSA-2025:22167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22167"
},
{
"name": "RHSA-2025:22364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22364"
},
{
"name": "RHSA-2025:22365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22365"
},
{
"name": "RHSA-2025:22426",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22426"
},
{
"name": "RHSA-2025:22427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22427"
},
{
"name": "RHSA-2025:22667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22667"
},
{
"name": "RHSA-2025:22729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22729"
},
{
"name": "RHSA-2025:22742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22742"
},
{
"name": "RHSA-2025:22753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22753"
},
{
"name": "RHSA-2026:0031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0031"
},
{
"name": "RHSA-2026:0033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0033"
},
{
"name": "RHSA-2026:0034",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0034"
},
{
"name": "RHSA-2026:0035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0035"
},
{
"name": "RHSA-2026:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0036"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-62229"
},
{
"name": "RHBZ#2402649",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402649"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-09T05:04:24.644Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-29T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xmayland: use-after-free in xpresentnotify structure creation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-62229",
"datePublished": "2025-10-30T05:28:48.131Z",
"dateReserved": "2025-10-09T04:46:44.074Z",
"dateUpdated": "2026-04-20T13:50:16.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62230 (GCVE-0-2025-62230)
Vulnerability from cvelistv5 – Published: 2025-10-30 05:19 – Updated: 2026-04-20 13:50
VLAI
Title
Xorg: xwayland: use-after-free in xkb client resource removal
Summary
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
38 references
Impacted products
46 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | Xwayland |
Affected:
0 , < 24.1.9
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.15 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-33.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.3 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-19.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-27.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-8.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-5.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-9.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.15.0-6.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.16 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-12.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-4.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-19.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-9.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-27.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-7.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-10-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T03:55:34.138515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:53.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:18.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "Xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-33.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-19.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-8.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-5.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-9.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-6.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-12.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-4.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-19.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-9.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-7.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2025-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in the X.Org X server\u2019s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:50:16.428Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:19432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19432"
},
{
"name": "RHSA-2025:19433",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19433"
},
{
"name": "RHSA-2025:19434",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19434"
},
{
"name": "RHSA-2025:19435",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19435"
},
{
"name": "RHSA-2025:19489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19489"
},
{
"name": "RHSA-2025:19623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19623"
},
{
"name": "RHSA-2025:19909",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19909"
},
{
"name": "RHSA-2025:20958",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20958"
},
{
"name": "RHSA-2025:20960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20960"
},
{
"name": "RHSA-2025:20961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20961"
},
{
"name": "RHSA-2025:21035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21035"
},
{
"name": "RHSA-2025:22040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22040"
},
{
"name": "RHSA-2025:22041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22041"
},
{
"name": "RHSA-2025:22051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22051"
},
{
"name": "RHSA-2025:22055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22055"
},
{
"name": "RHSA-2025:22056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22056"
},
{
"name": "RHSA-2025:22077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22077"
},
{
"name": "RHSA-2025:22096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22096"
},
{
"name": "RHSA-2025:22164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22164"
},
{
"name": "RHSA-2025:22167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22167"
},
{
"name": "RHSA-2025:22364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22364"
},
{
"name": "RHSA-2025:22365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22365"
},
{
"name": "RHSA-2025:22426",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22426"
},
{
"name": "RHSA-2025:22427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22427"
},
{
"name": "RHSA-2025:22667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22667"
},
{
"name": "RHSA-2025:22729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22729"
},
{
"name": "RHSA-2025:22742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22742"
},
{
"name": "RHSA-2025:22753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22753"
},
{
"name": "RHSA-2026:0031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0031"
},
{
"name": "RHSA-2026:0033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0033"
},
{
"name": "RHSA-2026:0034",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0034"
},
{
"name": "RHSA-2026:0035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0035"
},
{
"name": "RHSA-2026:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0036"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-62230"
},
{
"name": "RHBZ#2402653",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402653"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-09T06:00:07.571Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-29T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: use-after-free in xkb client resource removal",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-62230",
"datePublished": "2025-10-30T05:19:40.445Z",
"dateReserved": "2025-10-09T04:46:44.074Z",
"dateUpdated": "2026-04-20T13:50:16.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62231 (GCVE-0-2025-62231)
Vulnerability from cvelistv5 – Published: 2025-10-30 05:08 – Updated: 2026-04-20 13:50
VLAI
Title
Xorg: xmayland: value overflow in xkbsetcompatmap()
Summary
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
38 references
Impacted products
46 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | Xwayland |
Affected:
0 , < 24.1.9
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-5.el10_1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.15 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-33.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.3 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-19.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-27.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-8.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.15 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-5.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.14 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-3.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.15 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-6.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.16 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-17.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-12.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-9.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.15.0-6.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-5.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-32.el9_7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.16 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-12.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-4.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-19.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-9.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-27.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-7.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-10-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T03:55:34.992282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:54.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:19.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/28/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "Xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-5.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-33.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-19.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-8.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-5.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-3.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-6.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-17.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-12.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-9.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-6.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-5.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-32.el9_7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-12.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-4.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-19.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-9.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-27.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-7.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2025-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:50:20.474Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:19432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19432"
},
{
"name": "RHSA-2025:19433",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19433"
},
{
"name": "RHSA-2025:19434",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19434"
},
{
"name": "RHSA-2025:19435",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19435"
},
{
"name": "RHSA-2025:19489",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19489"
},
{
"name": "RHSA-2025:19623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19623"
},
{
"name": "RHSA-2025:19909",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19909"
},
{
"name": "RHSA-2025:20958",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20958"
},
{
"name": "RHSA-2025:20960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20960"
},
{
"name": "RHSA-2025:20961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:20961"
},
{
"name": "RHSA-2025:21035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21035"
},
{
"name": "RHSA-2025:22040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22040"
},
{
"name": "RHSA-2025:22041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22041"
},
{
"name": "RHSA-2025:22051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22051"
},
{
"name": "RHSA-2025:22055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22055"
},
{
"name": "RHSA-2025:22056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22056"
},
{
"name": "RHSA-2025:22077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22077"
},
{
"name": "RHSA-2025:22096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22096"
},
{
"name": "RHSA-2025:22164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22164"
},
{
"name": "RHSA-2025:22167",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22167"
},
{
"name": "RHSA-2025:22364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22364"
},
{
"name": "RHSA-2025:22365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22365"
},
{
"name": "RHSA-2025:22426",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22426"
},
{
"name": "RHSA-2025:22427",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22427"
},
{
"name": "RHSA-2025:22667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22667"
},
{
"name": "RHSA-2025:22729",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22729"
},
{
"name": "RHSA-2025:22742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22742"
},
{
"name": "RHSA-2025:22753",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22753"
},
{
"name": "RHSA-2026:0031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0031"
},
{
"name": "RHSA-2026:0033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0033"
},
{
"name": "RHSA-2026:0034",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0034"
},
{
"name": "RHSA-2026:0035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0035"
},
{
"name": "RHSA-2026:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0036"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-62231"
},
{
"name": "RHBZ#2402660",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402660"
},
{
"url": "https://lists.x.org/archives/xorg-announce/2025-October/003635.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-09T06:41:16.314Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-29T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xmayland: value overflow in xkbsetcompatmap()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-62231",
"datePublished": "2025-10-30T05:08:32.155Z",
"dateReserved": "2025-10-09T04:46:44.074Z",
"dateUpdated": "2026-04-20T13:50:20.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49180 (GCVE-0-2025-49180)
Vulnerability from cvelistv5 – Published: 2025-06-17 15:00 – Updated: 2025-12-11 15:34
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
Summary
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
32 references
Impacted products
47 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.7
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support |
Unaffected:
0:1.8.0-17.el7_7.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:7.7::server |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-32.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-26.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-18.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-7.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-4.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-8.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-3.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-11.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.15 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-8.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.12 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-26.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-06-17 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:36:37.255035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:36:48.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:19.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-17.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-32.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-18.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-4.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-8.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-3.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-11.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-8.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:34:17.950Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:10342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10342"
},
{
"name": "RHSA-2025:10343",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10343"
},
{
"name": "RHSA-2025:10344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10344"
},
{
"name": "RHSA-2025:10346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10346"
},
{
"name": "RHSA-2025:10347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10347"
},
{
"name": "RHSA-2025:10348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10348"
},
{
"name": "RHSA-2025:10349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10349"
},
{
"name": "RHSA-2025:10350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10350"
},
{
"name": "RHSA-2025:10351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10351"
},
{
"name": "RHSA-2025:10352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10352"
},
{
"name": "RHSA-2025:10355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10355"
},
{
"name": "RHSA-2025:10356",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10356"
},
{
"name": "RHSA-2025:10360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10360"
},
{
"name": "RHSA-2025:10370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10370"
},
{
"name": "RHSA-2025:10374",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10374"
},
{
"name": "RHSA-2025:10375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10375"
},
{
"name": "RHSA-2025:10376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10376"
},
{
"name": "RHSA-2025:10377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10377"
},
{
"name": "RHSA-2025:10378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10378"
},
{
"name": "RHSA-2025:10381",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10381"
},
{
"name": "RHSA-2025:10410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10410"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"name": "RHSA-2025:9305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9305"
},
{
"name": "RHSA-2025:9306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9306"
},
{
"name": "RHSA-2025:9392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9392"
},
{
"name": "RHSA-2025:9964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9964"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49180"
},
{
"name": "RHBZ#2369981",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369981"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T10:14:53.357Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49180",
"datePublished": "2025-06-17T15:00:18.145Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:34:17.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49179 (GCVE-0-2025-49179)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:54 – Updated: 2025-12-11 15:43
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
Summary
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
33 references
Impacted products
47 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.7
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support |
Unaffected:
0:1.8.0-17.el7_7.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:7.7::server |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-32.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-26.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-18.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-7.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-4.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-8.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-3.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-11.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.15 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-8.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.12 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-26.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-06-17 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:03:25.523317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:04:08.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:14.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-17.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-32.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-18.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-4.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-8.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-3.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-11.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-8.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:43:06.188Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:10342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10342"
},
{
"name": "RHSA-2025:10343",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10343"
},
{
"name": "RHSA-2025:10344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10344"
},
{
"name": "RHSA-2025:10346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10346"
},
{
"name": "RHSA-2025:10347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10347"
},
{
"name": "RHSA-2025:10348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10348"
},
{
"name": "RHSA-2025:10349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10349"
},
{
"name": "RHSA-2025:10350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10350"
},
{
"name": "RHSA-2025:10351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10351"
},
{
"name": "RHSA-2025:10352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10352"
},
{
"name": "RHSA-2025:10355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10355"
},
{
"name": "RHSA-2025:10356",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10356"
},
{
"name": "RHSA-2025:10360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10360"
},
{
"name": "RHSA-2025:10370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10370"
},
{
"name": "RHSA-2025:10374",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10374"
},
{
"name": "RHSA-2025:10375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10375"
},
{
"name": "RHSA-2025:10376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10376"
},
{
"name": "RHSA-2025:10377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10377"
},
{
"name": "RHSA-2025:10378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10378"
},
{
"name": "RHSA-2025:10381",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10381"
},
{
"name": "RHSA-2025:10410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10410"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"name": "RHSA-2025:9305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9305"
},
{
"name": "RHSA-2025:9306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9306"
},
{
"name": "RHSA-2025:9392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9392"
},
{
"name": "RHSA-2025:9964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9964"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49179"
},
{
"name": "RHBZ#2369978",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369978"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4"
},
{
"url": "https://www.x.org/wiki/Development/Security/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T10:11:40.389Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49179",
"datePublished": "2025-06-17T14:54:49.288Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:43:06.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49178 (GCVE-0-2025-49178)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:54 – Updated: 2025-12-11 15:43
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
Summary
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-667 - Improper Locking
Assigner
References
33 references
Impacted products
47 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.7
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support |
Unaffected:
0:1.8.0-17.el7_7.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:7.7::server |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-32.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-26.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-18.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-7.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-4.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-8.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-3.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-11.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.15 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-8.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.12 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-26.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-06-17 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T15:05:17.851006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T15:05:29.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:12.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-17.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-32.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-18.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-4.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-8.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-3.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-11.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-8.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X server\u0027s request handling. Non-zero \u0027bytes to ignore\u0027 in a client\u0027s request can cause the server to skip processing another client\u0027s request, potentially leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:43:22.202Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:10342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10342"
},
{
"name": "RHSA-2025:10343",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10343"
},
{
"name": "RHSA-2025:10344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10344"
},
{
"name": "RHSA-2025:10346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10346"
},
{
"name": "RHSA-2025:10347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10347"
},
{
"name": "RHSA-2025:10348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10348"
},
{
"name": "RHSA-2025:10349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10349"
},
{
"name": "RHSA-2025:10350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10350"
},
{
"name": "RHSA-2025:10351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10351"
},
{
"name": "RHSA-2025:10352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10352"
},
{
"name": "RHSA-2025:10355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10355"
},
{
"name": "RHSA-2025:10356",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10356"
},
{
"name": "RHSA-2025:10360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10360"
},
{
"name": "RHSA-2025:10370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10370"
},
{
"name": "RHSA-2025:10374",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10374"
},
{
"name": "RHSA-2025:10375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10375"
},
{
"name": "RHSA-2025:10376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10376"
},
{
"name": "RHSA-2025:10377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10377"
},
{
"name": "RHSA-2025:10378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10378"
},
{
"name": "RHSA-2025:10381",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10381"
},
{
"name": "RHSA-2025:10410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10410"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"name": "RHSA-2025:9305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9305"
},
{
"name": "RHSA-2025:9306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9306"
},
{
"name": "RHSA-2025:9392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9392"
},
{
"name": "RHSA-2025:9964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9964"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49178"
},
{
"name": "RHBZ#2369977",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369977"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2"
},
{
"url": "https://www.x.org/wiki/Development/Security/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T10:00:49.274Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-667: Improper Locking"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49178",
"datePublished": "2025-06-17T14:54:42.646Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:43:22.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49177 (GCVE-0-2025-49177)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:49 – Updated: 2025-12-11 15:43
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
Summary
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:10258 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:9303 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:9304 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-49177 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2369955 | issue-trackingx_refsource_REDHAT |
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | |
| https://www.x.org/wiki/Development/Security/ |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.7
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2025-06-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:57:08.270521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:57:19.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue."
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:43:01.939Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49177"
},
{
"name": "RHBZ#2369955",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369955"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af"
},
{
"url": "https://www.x.org/wiki/Development/Security/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T07:25:46.732Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension\u0027s xfixessetclientdisconnectmode",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49177",
"datePublished": "2025-06-17T14:49:49.199Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:43:01.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49176 (GCVE-0-2025-49176)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:49 – Updated: 2025-12-11 15:34
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
Summary
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
35 references
Impacted products
47 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.7
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support |
Unaffected:
0:1.8.0-17.el7_7.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:7.7::server |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-32.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-26.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-18.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-7.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-4.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-8.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-3.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-11.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.15 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-8.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.12 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-26.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-06-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:58:49.779795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:59:07.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:11.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/18/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-17.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-32.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-18.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-4.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-8.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-3.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-11.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-8.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue."
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:34:07.129Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:10342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10342"
},
{
"name": "RHSA-2025:10343",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10343"
},
{
"name": "RHSA-2025:10344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10344"
},
{
"name": "RHSA-2025:10346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10346"
},
{
"name": "RHSA-2025:10347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10347"
},
{
"name": "RHSA-2025:10348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10348"
},
{
"name": "RHSA-2025:10349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10349"
},
{
"name": "RHSA-2025:10350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10350"
},
{
"name": "RHSA-2025:10351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10351"
},
{
"name": "RHSA-2025:10352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10352"
},
{
"name": "RHSA-2025:10355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10355"
},
{
"name": "RHSA-2025:10356",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10356"
},
{
"name": "RHSA-2025:10360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10360"
},
{
"name": "RHSA-2025:10370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10370"
},
{
"name": "RHSA-2025:10374",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10374"
},
{
"name": "RHSA-2025:10375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10375"
},
{
"name": "RHSA-2025:10376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10376"
},
{
"name": "RHSA-2025:10377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10377"
},
{
"name": "RHSA-2025:10378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10378"
},
{
"name": "RHSA-2025:10381",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10381"
},
{
"name": "RHSA-2025:10410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10410"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"name": "RHSA-2025:9305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9305"
},
{
"name": "RHSA-2025:9306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9306"
},
{
"name": "RHSA-2025:9392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9392"
},
{
"name": "RHSA-2025:9964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9964"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49176"
},
{
"name": "RHBZ#2369954",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369954"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1"
},
{
"url": "https://www.x.org/wiki/Development/Security/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T07:10:25.307Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49176",
"datePublished": "2025-06-17T14:49:49.143Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:34:07.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49175 (GCVE-0-2025-49175)
Vulnerability from cvelistv5 – Published: 2025-06-17 14:39 – Updated: 2025-12-11 15:34
VLAI
Title
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
Summary
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
34 references
Impacted products
47 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xwayland |
Affected:
0 , < 24.1.8
(semver)
|
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-4.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.1 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support |
Unaffected:
0:1.8.0-17.el7_7.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:7.7::server |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-32.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9.2 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-26.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-18.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.15.0-7.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.20.6-4.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.10-2.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.11.0-8.el8_4.13 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.14 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-2.el8_6.4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-5.el8_6.3 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-16.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-15.el8_8.14 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-11.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-31.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-4.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-8.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-3.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-11.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.15 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:21.1.3-8.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.20.11-18.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-14.el9_2.12 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:22.1.9-6.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.20.11-26.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2025-06-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:53:24.755088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:53:37.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:09.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-4.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-17.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-32.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-18.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.0-7.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.6-4.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.10-2.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-2.el8_6.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-5.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-16.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-11.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-31.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-4.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-8.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-3.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-11.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-8.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-18.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-6.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-26.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue."
}
],
"datePublic": "2025-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the X Rendering extension\u0027s handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:34:12.649Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10258"
},
{
"name": "RHSA-2025:10342",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10342"
},
{
"name": "RHSA-2025:10343",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10343"
},
{
"name": "RHSA-2025:10344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10344"
},
{
"name": "RHSA-2025:10346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10346"
},
{
"name": "RHSA-2025:10347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10347"
},
{
"name": "RHSA-2025:10348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10348"
},
{
"name": "RHSA-2025:10349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10349"
},
{
"name": "RHSA-2025:10350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10350"
},
{
"name": "RHSA-2025:10351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10351"
},
{
"name": "RHSA-2025:10352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10352"
},
{
"name": "RHSA-2025:10355",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10355"
},
{
"name": "RHSA-2025:10356",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10356"
},
{
"name": "RHSA-2025:10360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10360"
},
{
"name": "RHSA-2025:10370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10370"
},
{
"name": "RHSA-2025:10374",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10374"
},
{
"name": "RHSA-2025:10375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10375"
},
{
"name": "RHSA-2025:10376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10376"
},
{
"name": "RHSA-2025:10377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10377"
},
{
"name": "RHSA-2025:10378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10378"
},
{
"name": "RHSA-2025:10381",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10381"
},
{
"name": "RHSA-2025:10410",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10410"
},
{
"name": "RHSA-2025:9303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9303"
},
{
"name": "RHSA-2025:9304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9304"
},
{
"name": "RHSA-2025:9305",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9305"
},
{
"name": "RHSA-2025:9306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9306"
},
{
"name": "RHSA-2025:9392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9392"
},
{
"name": "RHSA-2025:9964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9964"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-49175"
},
{
"name": "RHBZ#2369947",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369947"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024"
},
{
"url": "https://www.x.org/wiki/Development/Security/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T05:39:18.827Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-17T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-49175",
"datePublished": "2025-06-17T14:39:39.428Z",
"dateReserved": "2025-06-03T05:38:02.947Z",
"dateUpdated": "2025-12-11T15:34:12.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49737 (GCVE-0-2022-49737)
Vulnerability from cvelistv5 – Published: 2025-03-16 00:00 – Updated: 2025-03-17 16:07
VLAI
Summary
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-413 - Improper Resource Locking
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49737",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T16:07:10.290860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:07:13.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "X server",
"vendor": "X.org",
"versions": [
{
"lessThanOrEqual": "21.1.16",
"status": "affected",
"version": "20.11",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "21.1.16",
"versionStartIncluding": "20.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-413",
"description": "CWE-413 Improper Resource Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T00:56:33.955Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1081338;filename=dix-Hold-input-lock-for-AttachDevice.patch;msg=5"
},
{
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-49737",
"datePublished": "2025-03-16T00:00:00.000Z",
"dateReserved": "2025-03-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T16:07:13.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26601 (GCVE-0-2025-26601)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:55 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: use-after-free in syncinittrigger()
Summary
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
19 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:08:41.554166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:08:49.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:09.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250516-0004/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:35.517Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26601"
},
{
"name": "RHBZ#2345251",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:18:30.820Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: use-after-free in syncinittrigger()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26601",
"datePublished": "2025-02-25T15:55:36.775Z",
"dateReserved": "2025-02-12T14:12:22.796Z",
"dateUpdated": "2026-04-06T12:53:35.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26600 (GCVE-0-2025-26600)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:55 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: use-after-free in playreleasedevents()
Summary
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
19 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:16:54.221297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:17:05.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:07.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250516-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:29.954Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26600"
},
{
"name": "RHBZ#2345252",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:01.957Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: use-after-free in playreleasedevents()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26600",
"datePublished": "2025-02-25T15:55:20.421Z",
"dateReserved": "2025-02-12T14:12:22.796Z",
"dateUpdated": "2026-04-06T12:53:29.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26599 (GCVE-0-2025-26599)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:55 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
Summary
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
18 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:22:35.562208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:22:51.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:06.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:26.527Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26599"
},
{
"name": "RHBZ#2345253",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345253"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:01.808Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: use of uninitialized pointer in compredirectwindow()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26599",
"datePublished": "2025-02-25T15:55:02.964Z",
"dateReserved": "2025-02-12T14:12:22.796Z",
"dateUpdated": "2026-04-06T12:53:26.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26598 (GCVE-0-2025-26598)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:54 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
Summary
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
18 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:24:04.385893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:24:43.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:05.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:25.158Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26598"
},
{
"name": "RHBZ#2345254",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:01.664Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26598",
"datePublished": "2025-02-25T15:54:57.355Z",
"dateReserved": "2025-02-12T14:12:22.796Z",
"dateUpdated": "2026-04-06T12:53:25.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26597 (GCVE-0-2025-26597)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:54 – Updated: 2026-06-02 03:08
VLAI
Title
Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
Summary
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
19 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:39:35.677718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:14:54.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-02T03:08:13.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:24.502Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26597"
},
{
"name": "RHBZ#2345255",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345255"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:01.517Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: buffer overflow in xkbchangetypesofkey()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26597",
"datePublished": "2025-02-25T15:54:48.196Z",
"dateReserved": "2025-02-12T14:12:22.795Z",
"dateUpdated": "2026-06-02T03:08:13.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26596 (GCVE-0-2025-26596)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:54 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: heap overflow in xkbwritekeysyms()
Summary
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
18 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T17:14:01.432188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T17:22:27.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:01.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:14.993Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26596"
},
{
"name": "RHBZ#2345256",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345256"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:01.367Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: heap overflow in xkbwritekeysyms()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26596",
"datePublished": "2025-02-25T15:54:23.693Z",
"dateReserved": "2025-02-12T14:12:22.795Z",
"dateUpdated": "2026-04-06T12:53:14.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26595 (GCVE-0-2025-26595)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:54 – Updated: 2026-04-06 12:53
VLAI
Title
Xorg: xwayland: buffer overflow in xkbvmodmasktext()
Summary
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
18 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:05:05.924947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:05:22.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:13:00.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:14.906Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26595"
},
{
"name": "RHBZ#2345257",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345257"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:15:00.929Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg: xwayland: buffer overflow in xkbvmodmasktext()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26595",
"datePublished": "2025-02-25T15:54:06.708Z",
"dateReserved": "2025-02-12T14:12:22.795Z",
"dateUpdated": "2026-04-06T12:53:14.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26594 (GCVE-0-2025-26594)
Vulnerability from cvelistv5 – Published: 2025-02-25 15:53 – Updated: 2026-04-06 12:53
VLAI
Title
X.org: xwayland: use-after-free of the root cursor
Summary
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
18 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 21.1.16
(semver)
Affected: 22.0.0 , < 24.1.6 (semver) |
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:24.1.5-3.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.8.0-36.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:1.20.4-30.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-15.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.13 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.12 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.12.0-6.el8_6.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.12 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.14.1-1.el9_5.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-28.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:23.2.7-3.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-22.el9_0.13 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.10 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.13.1-8.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
Date Public
2025-02-25 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:13:53.357050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:14:16.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:58.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver/",
"defaultStatus": "unaffected",
"packageName": "xserver",
"versions": [
{
"lessThan": "21.1.16",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "24.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:24.1.5-3.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-36.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-30.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-15.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.14.1-1.el9_5.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-28.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:23.2.7-3.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-8.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2025-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T12:53:14.958Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:2500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2500"
},
{
"name": "RHSA-2025:2502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2502"
},
{
"name": "RHSA-2025:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2861"
},
{
"name": "RHSA-2025:2862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2862"
},
{
"name": "RHSA-2025:2865",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2865"
},
{
"name": "RHSA-2025:2866",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2866"
},
{
"name": "RHSA-2025:2873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2873"
},
{
"name": "RHSA-2025:2874",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2874"
},
{
"name": "RHSA-2025:2875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2875"
},
{
"name": "RHSA-2025:2879",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2879"
},
{
"name": "RHSA-2025:2880",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:2880"
},
{
"name": "RHSA-2025:3976",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3976"
},
{
"name": "RHSA-2025:7163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7163"
},
{
"name": "RHSA-2025:7165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7165"
},
{
"name": "RHSA-2025:7458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7458"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-26594"
},
{
"name": "RHBZ#2345248",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345248"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T14:14:54.698Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-02-25T00:00:00.000Z",
"value": "Made public."
}
],
"title": "X.org: xwayland: use-after-free of the root cursor",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-26594",
"datePublished": "2025-02-25T15:53:51.324Z",
"dateReserved": "2025-02-12T14:12:22.795Z",
"dateUpdated": "2026-04-06T12:53:14.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0229 (GCVE-0-2024-0229)
Vulnerability from cvelistv5 – Published: 2024-02-09 06:29 – Updated: 2025-11-06 20:51
VLAI
Title
Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Summary
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
21 references
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
21.1.0 , < 21.1.11
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION |
Unaffected:
0:1.1.0-25.el6_10.13 , < *
(rpm)
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
Unaffected:
0:1.20.4-27.el7_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::client |
|
| Red Hat | Red Hat Enterprise Linux 7 |
Unaffected:
0:1.8.0-31.el7_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::client |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.13.1-2.el8_9.7 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.20.11-22.el8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:21.1.3-15.el8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.9.0-15.el8_2.9 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
0:1.9.0-15.el8_2.9 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
0:1.9.0-15.el8_2.9 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.11.0-8.el8_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.11.0-8.el8_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.11.0-8.el8_4.8 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
0:1.12.0-6.el8_6.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.12.0-15.el8_8.7 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.13.1-3.el9_3.6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.20.11-24.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:22.1.9-5.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:1.11.0-22.el9_0.8 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:1.12.0-14.el9_2.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
Date Public
2024-01-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:19.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0320",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0320"
},
{
"name": "RHSA-2024:0557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0557"
},
{
"name": "RHSA-2024:0558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0558"
},
{
"name": "RHSA-2024:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0597"
},
{
"name": "RHSA-2024:0607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0607"
},
{
"name": "RHSA-2024:0614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0614"
},
{
"name": "RHSA-2024:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0617"
},
{
"name": "RHSA-2024:0621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0621"
},
{
"name": "RHSA-2024:0626",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0626"
},
{
"name": "RHSA-2024:0629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0629"
},
{
"name": "RHSA-2024:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"name": "RHSA-2024:2170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2170"
},
{
"name": "RHSA-2024:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"name": "RHSA-2024:2996",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2996"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0229"
},
{
"name": "RHBZ#2256690",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T16:50:56.761255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T14:31:56.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.freedesktop.org/xorg/xserver",
"defaultStatus": "unaffected",
"packageName": "xorg-server",
"versions": [
{
"lessThan": "21.1.11",
"status": "affected",
"version": "21.1.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.0-25.el6_10.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::workstation",
"cpe:/o:redhat:enterprise_linux:7::computenode",
"cpe:/o:redhat:enterprise_linux:7::client"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.4-27.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::workstation",
"cpe:/o:redhat:enterprise_linux:7::computenode",
"cpe:/o:redhat:enterprise_linux:7::client"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.0-31.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-2.el8_9.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-22.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:21.1.3-15.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.0-15.el8_2.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-8.el8_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-6.el8_6.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-15.el8_8.7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.13.1-3.el9_3.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.20.11-24.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "xorg-x11-server-Xwayland",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:22.1.9-5.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.11.0-22.el9_0.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "tigervnc",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.0-14.el9_2.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "xorg-x11-server",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter."
}
],
"datePublic": "2024-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:51:57.196Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0320",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0320"
},
{
"name": "RHSA-2024:0557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0557"
},
{
"name": "RHSA-2024:0558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0558"
},
{
"name": "RHSA-2024:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0597"
},
{
"name": "RHSA-2024:0607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0607"
},
{
"name": "RHSA-2024:0614",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0614"
},
{
"name": "RHSA-2024:0617",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0617"
},
{
"name": "RHSA-2024:0621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0621"
},
{
"name": "RHSA-2024:0626",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0626"
},
{
"name": "RHSA-2024:0629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0629"
},
{
"name": "RHSA-2024:2169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2169"
},
{
"name": "RHSA-2024:2170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2170"
},
{
"name": "RHSA-2024:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2995"
},
{
"name": "RHSA-2024:2996",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2996"
},
{
"name": "RHSA-2025:12751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:12751"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0229"
},
{
"name": "RHBZ#2256690",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0229",
"datePublished": "2024-02-09T06:29:51.542Z",
"dateReserved": "2024-01-03T21:53:07.804Z",
"dateUpdated": "2025-11-06T20:51:57.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}