X.Org X server
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*, +2 more
A use-after-free vulnerability has been identified in the X.Org X server's X Keyboard (Xkb) extension, specifically in the client resource cleanup process. When a client's Xkb resources are removed, the associated data is freed prematurely while still being referenced. This flaw can lead to memory corruption or crashes when the affected clients disconnect. The vulnerability is present in the X.Org X server and Xwayland components.
Exploitation of this vulnerability can cause memory corruption or crashes, as the cleanup process attempts to access already freed memory. Additionally, according to Red Hat, there is potential for executing arbitrary code under certain conditions.