X.Org and Xwayland Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in X.Org and Xwayland. This flaw occurs when a device is removed while still frozen, leaving queued events for the device intact even after it has been freed. Replaying these events can trigger the use-after-free condition.
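The pattern described above, reduced to a small C model. This is an added example, not X.Org or Xwayland source, and every name in it is hypothetical. It assumes one way of closing this class of bug, which the page itself does not describe: dropping a device's held events before the device is freed.

```c
/* Simplified model of the pattern; hypothetical names, not X.Org source. */
#include <stdlib.h>

struct device { int seen; };      /* count of events delivered to the device */
struct qevent { struct device *dev; struct qevent *next; };
static struct qevent *queue_head; /* events held while their device is frozen */
static int last_purged;           /* set by scenario() */
/* Hold an event for a frozen device instead of delivering it. */
static void enqueue(struct device *dev) {
    struct qevent *e = malloc(sizeof *e), **tail = &queue_head;
    if (!e) abort();
    e->dev = dev; e->next = NULL;
    while (*tail) tail = &(*tail)->next;
    *tail = e;
}

/* Hardened removal: unlink held events for dev BEFORE free(dev); the flaw omits the loop. */
static int remove_device(struct device *dev) {
    int purged = 0;
    for (struct qevent **pp = &queue_head, *dead; (dead = *pp) != NULL; ) {
        if (dead->dev != dev) { pp = &dead->next; continue; }
        *pp = dead->next;
        free(dead); purged++;
    }
    free(dev);
    return purged;
}

/* Replay held events; each one dereferences its device pointer. */
static int replay(void) {
    int delivered = 0;
    for (struct qevent *e; (e = queue_head) != NULL; free(e), delivered++) {
        queue_head = e->next;
        e->dev->seen++; /* a stale dev here is the use-after-free */
    }
    return delivered;
}

/* Constructed scenario: two frozen devices, one removed while frozen. */
static int scenario(void) {
    struct device *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b);
    if (!a || !b) abort();
    enqueue(a); enqueue(b); enqueue(a);
    last_purged = remove_device(a);
    int delivered = replay();
    free(b);
    return delivered;
}
int main(void) { return scenario() == 1 ? 0 : 1; }
```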

Impact

Triggering this flaw produces a use-after-free condition, which can cause memory corruption. This type of vulnerability may be exploited to execute arbitrary code or commands, potentially allowing for privilege escalation.

Remediation

Users can apply the available update for this vulnerability. Instructions for applying the update can be found in the Red Hat Product Errata RHSA-2025:7163, RHSA-2025:7165, and RHSA-2025:7458.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 0.6
exploitability: 3.1
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.