X.Org
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*
- <= 21.1.15
A use-after-free vulnerability has been identified in X.Org and Xwayland. This issue arises when an alarm is changed; the change mask values are processed sequentially, updating trigger values as needed. Eventually, the SyncInitTrigger() function is called. If an error occurs during this process, the function exits prematurely without adding the new synchronization object, potentially leading to a use-after-free condition when the alarm is triggered.
Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and possibly allow for arbitrary code execution.
To reproduce this vulnerability, change an alarm in the Xwayland environment. The process will evaluate the change mask values one by one, updating the trigger values. If an error is encountered, the SyncInitTrigger() function will return early, creating a use-after-free situation when the alarm eventually triggers.
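A simplified C model of the ordering flaw described above, added here as an illustration; it is not X.Org code, and every name in it (`sync_obj`, `trigger`, `change_flawed`, `change_hardened`, the 0..3 test-type range) is a hypothetical stand-in. Destroyed objects are only flagged rather than freed, so the stale reference can be detected without undefined behavior.

```c
#include <stdio.h>
/* Simplified model of the pattern; every name here is hypothetical, not X server code. */
#define MAX_TRIG 4
struct sync_obj { int alive; struct trigger *trig[MAX_TRIG]; };
struct trigger  { struct sync_obj *obj; int test_type; };
static void detach(struct trigger *t) {
    for (int i = 0; t->obj && i < MAX_TRIG; i++)
        if (t->obj->trig[i] == t) t->obj->trig[i] = NULL;
    t->obj = NULL;
}
static void attach(struct trigger *t, struct sync_obj *o) {
    for (int i = 0; i < MAX_TRIG; i++)
        if (!o->trig[i]) { o->trig[i] = t; t->obj = o; return; }
}
/* "Destroy": only triggers registered on the object's list are told it is gone. */
static void destroy(struct sync_obj *o) {
    for (int i = 0; i < MAX_TRIG; i++)
        if (o->trig[i]) { o->trig[i]->obj = NULL; o->trig[i] = NULL; }
    o->alive = 0;
}
/* Flawed order: mutate first, validate afterwards, return early on error. */
static int change_flawed(struct trigger *t, struct sync_obj *o, int test_type) {
    detach(t);
    t->obj = o;                                     /* references o, not on o's list */
    if (test_type < 0 || test_type > 3) return -1;  /* early exit skips attach() */
    t->test_type = test_type;
    attach(t, o);
    return 0;
}
/* Hardened order: validate every value first, apply the change last. */
static int change_hardened(struct trigger *t, struct sync_obj *o, int test_type) {
    if (test_type < 0 || test_type > 3) return -1;  /* nothing modified on error */
    detach(t);
    t->test_type = test_type;
    attach(t, o);
    return 0;
}
/* Returns 1 if, after a rejected change, the trigger references a destroyed object. */
static int dangling_after_error(int hardened) {
    struct sync_obj a = {1, {0}}, b = {1, {0}};
    struct trigger t = {0};
    attach(&t, &a);
    int rc = hardened ? change_hardened(&t, &b, 99) : change_flawed(&t, &b, 99);
    destroy(&b);                                    /* b has no record of t in the flawed path */
    return rc == -1 && t.obj != NULL && !t.obj->alive;
}
int main(void) {
    return printf("flawed=%d hardened=%d\n", dangling_after_error(0), dangling_after_error(1)) < 0;
}
```

In the flawed path the rejected change leaves the trigger pointing at an object that does not know about it, which is the state that becomes a use-after-free once that object is released.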
Users can apply the available updates for their Red Hat Enterprise Linux version. Instructions for applying these updates can be found on the Red Hat Customer Portal.