Xwayland
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*
A heap overflow vulnerability has been identified in X.Org and Xwayland. The issue arises from a discrepancy in the length calculation within the XkbSizeKeySyms() function, compared to what is actually written in XkbWriteKeySyms(). This mismatch can lead to a heap-based buffer overflow.
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption. Such write operations could be used to overwrite control data, potentially allowing for the execution of arbitrary code.
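The bug class described above, a size pass and a write pass that disagree, shown as an added C example that is not X.Org or Xwayland code. All structures and function names here (`size_pass`, `write_pass`, `put`, `serialize`, `demo`) are hypothetical, and the stale cached total is a constructed stand-in for the real length discrepancy; the writer goes through a bounded cursor so a mismatch is rejected instead of running past the allocation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical toy structures, not the X server's. */
struct entry { uint16_t nsyms; const uint32_t *syms; };
struct map { size_t nentries; const struct entry *e; size_t cached_total; };
struct cursor { uint8_t *p, *end; }; /* write position, end of allocation */
/* Size pass: trusts a cached total instead of walking the entries. */
size_t size_pass(const struct map *m) {
    return m->nentries * sizeof(uint16_t) + m->cached_total * sizeof(uint32_t);
}

/* Every write is checked against the allocation before it happens. */
static int put(struct cursor *c, const void *src, size_t n) {
    if ((size_t)(c->end - c->p) < n) return -1; /* would overflow */
    if (n) memcpy(c->p, src, n);
    c->p += n;
    return 0;
}

/* Write pass: walks per-entry counts, which may disagree with the cache. */
int write_pass(const struct map *m, struct cursor *c) {
    for (size_t i = 0; i < m->nentries; i++) {
        if (put(c, &m->e[i].nsyms, sizeof m->e[i].nsyms)) return -1;
        if (put(c, m->e[i].syms, m->e[i].nsyms * sizeof(uint32_t))) return -1;
    }
    return c->p == c->end ? 0 : -1; /* under-fill is also a mismatch */
}

/* Returns 0 on success, -1 if the passes disagree or allocation fails. */
int serialize(const struct map *m, uint8_t **out, size_t *len) {
    *len = size_pass(m);
    *out = malloc(*len ? *len : 1);
    if (!*out) return -1;
    struct cursor c = { *out, *out + *len };
    if (write_pass(m, &c)) { free(*out); *out = NULL; return -1; }
    return 0;
}

/* Constructed sample: two entries with 2 and 3 symbols (true total 5). */
int demo(size_t cached_total) {
    static const uint32_t a[] = {1, 2}, b[] = {3, 4, 5};
    const struct entry e[] = { {2, a}, {3, b} };
    struct map m = { 2, e, cached_total };
    uint8_t *buf; size_t len;
    int rc = serialize(&m, &buf, &len);
    free(buf);
    return rc;
}
int main(void) { return demo(5); }
```

With an unchecked `memcpy` in place of `put`, the `demo(3)` case would write 24 bytes into a 16-byte allocation.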
Users can apply the available updates for this vulnerability. Instructions for updating can be found in the Red Hat Product Errata RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, RHSA-2025:2865, RHSA-2025:2880, RHSA-2025:2873, RHSA-2025:2874, RHSA-2025:2875, RHSA-2025:7163, RHSA-2025:7165 and RHSA-2025:7458.