Xorg X11 Server Xwayland Information Disclosure Vulnerability in XFIXES Extension

Vulnerability

An information disclosure vulnerability has been identified in the XFIXES extension of the Xorg X11 server Xwayland. The issue arises because the XFixesSetClientDisconnectMode handler fails to validate the length of requests, which allows clients to access unintended memory containing residual data from previous requests.
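The missing length check described above, shown as an added example that is not Xorg or Xwayland source code: a simplified C model in which a handler parses a fixed-size request out of an input buffer that is reused between requests. The struct layout, function names, buffer size and sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a fixed-size X11-style request; not Xorg source. */
typedef struct {
    uint8_t  major, minor;
    uint16_t length;            /* total request size in 4-byte units */
    uint32_t disconnect_mode;
} set_mode_req;                 /* 8 bytes, so a valid length is 2 */

enum { RESULT_OK = 0, RESULT_BAD_LENGTH = 16 };  /* 16 = X11 BadLength */

/* Per-client input buffer, reused between requests and never cleared. */
static uint8_t inbuf[64];

static void receive(const void *bytes, size_t n) { memcpy(inbuf, bytes, n); }

/* Flawed handler: assumes a full request was sent. */
int handle_unchecked(uint32_t *mode) {
    set_mode_req req;
    memcpy(&req, inbuf, sizeof req);
    *mode = req.disconnect_mode;        /* may be bytes of an older request */
    return RESULT_OK;
}

/* Hardened handler: rejects any request whose declared size differs. */
int handle_checked(uint32_t *mode) {
    set_mode_req req;
    memcpy(&req, inbuf, sizeof req);
    if (req.length != sizeof req / 4)
        return RESULT_BAD_LENGTH;
    *mode = req.disconnect_mode;
    return RESULT_OK;
}

/* Constructed input: a full earlier request, then a header-only one. */
void send_sample_requests(void) {
    set_mode_req earlier = { 1, 2, 2, 0xC0FFEE42u };
    uint8_t short_req[4] = { 1, 2, 0, 0 };
    uint16_t len = 1;                   /* declares 4 bytes only */
    memcpy(short_req + 2, &len, sizeof len);
    receive(&earlier, sizeof earlier);
    receive(short_req, sizeof short_req);
}

int main(void) {
    uint32_t mode = 0;
    send_sample_requests();
    printf("unchecked: rc=%d mode=0x%08x\n", handle_unchecked(&mode), (unsigned)mode);
    printf("checked:   rc=%d\n", handle_checked(&mode));
    return 0;
}
```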

Impact

Exploitation of this vulnerability could let a client read residual data from previous requests, which may include confidential or private information.

Added: Jun 17, 2025, 4:46 PM
Updated: Jun 17, 2025, 4:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.