X.Org and Xwayland Use-After-Free Vulnerability in Root Cursor

Vulnerability

A use-after-free vulnerability has been identified in X.Org and Xwayland. The issue arises because the root cursor is treated as a global variable in the X server. If a client frees the root cursor, the server's reference to it becomes a dangling pointer, leading to a use-after-free condition.
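The ownership problem described above, as an added example that is not X.Org or Xwayland code: a simplified C model in which a global names a reference-counted object that a client request can free. All names (Cursor, set_root, client_free_cursor, the three modes) are hypothetical, and the two hardened modes show general mitigations for this bug class, assumed here rather than taken from the vendor patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not X server code: every name here is hypothetical. */
typedef struct { int refcnt; } Cursor;

static Cursor *root_cursor;   /* server-wide global, as the advisory describes */

enum { BORROWED, OWNED, OWNED_AND_REFUSE };

static Cursor *cursor_create(void) {
    Cursor *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->refcnt = 1;            /* reference held by the creating client */
    return c;
}

/* Drop one reference; returns 1 when the object was actually deallocated. */
static int cursor_unref(Cursor *c) {
    if (--c->refcnt > 0) return 0;
    free(c);
    return 1;
}

static void set_root(Cursor *c, int mode) {
    if (mode != BORROWED) c->refcnt++;   /* global takes its own reference */
    root_cursor = c;
}

/* Client-driven free request. Returns -1 if rejected, else cursor_unref(). */
static int client_free_cursor(Cursor *c, int mode) {
    if (mode == OWNED_AND_REFUSE && c == root_cursor) return -1;
    return cursor_unref(c);
}

/* Returns 1 if the client's request freed memory the global still names. */
static int client_frees_root(int mode) {
    Cursor *c = cursor_create();
    set_root(c, mode);
    int dangling = (client_free_cursor(c, mode) == 1);
    root_cursor = NULL;       /* stale in BORROWED mode: clear it, never read it */
    if (!dangling) while (!cursor_unref(c)) {}  /* teardown: drop remaining refs */
    return dangling;
}

int main(void) {
    printf("borrowed=%d owned=%d owned+refuse=%d\n", client_frees_root(BORROWED),
           client_frees_root(OWNED), client_frees_root(OWNED_AND_REFUSE));
    return 0;
}
```

Only the BORROWED mode lets the client's free request deallocate the object while the global still points at it; the model clears the global instead of dereferencing it, so the program itself never touches freed memory.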

Impact

Exploitation of this vulnerability causes a use-after-free condition, where the X server references freed memory. This can lead to memory corruption, crashes, or potentially allow for the execution of arbitrary code, depending on how the freed memory is manipulated.

Remediation

Users can apply the available updates for their specific Red Hat Enterprise Linux version. Details on how to apply these updates can be found in the Red Hat Product Errata for each affected version.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.