
Aix CVE-2025-62230

HIGH
Use After Free (CWE-416)
2025-10-30 secalert@redhat.com
7.3
CVSS 3.1 · Vendor: redhat

Severity by source

Vendor (redhat), primary: 7.3 HIGH, CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
SUSE: HIGH (qualitative)
Red Hat: 7.3 MEDIUM (qualitative)

Primary rating from Vendor (redhat).

CVSS Vector (Vendor: redhat)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: High

Lifecycle Timeline

1. Analysis Generated: Apr 20, 2026, 14:34 (vuln.today)

Description (CVE.org)

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.

Analysis (AI)

Use-after-free in the X.Org X server's Xkb extension, reached during the resource cleanup that runs when a client disconnects. An authenticated local user (AV:L, PR:L) can trigger it with low complexity and no user interaction; the vendor scores it 7.3, with high confidentiality and availability impact and low integrity impact. Red Hat Enterprise Linux is affected, and multiple advisories have been released (RHSA-2025:19432 through RHSA-2025:22055). No EPSS score is given here; the vector says nothing about exploitation likelihood, only that an attacker needs the ability to open a client connection to the affected X server. No CISA KEV listing or public PoC was identified at the time of analysis.

Technical Context (AI)

The X.Org X server implements the X Keyboard (Xkb) extension, which manages keyboard mappings, layouts and per-client event selection for input devices. This vulnerability (CWE-416, Use After Free) sits in the resource cleanup path executed when an X11 client disconnects. Xkb-related records are freed without first detaching the other references the server still holds to them, so a later cleanup step dereferences a dangling pointer. If nothing has reused the allocation by then, the usual outcome is a crash of the X server, which takes the whole graphical session down with it (the availability impact). If the freed chunk has already been handed out again, the stale access lands in whatever object now occupies it; an attacker who can shape heap layout from a second client connection can turn that into controlled memory corruption, which is the standard route from a use-after-free to information disclosure or code execution. The X server frequently runs as root (or setuid root) and in any case sees all keyboard input for the session, which is why a local, low-privilege bug in this component still matters.
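The double-ownership pattern described above, as an added illustration written for this page (it is not X.Org code and not the actual CVE-2025-62230 fix): an event-interest record is linked on a device list and also registered in the client's resource table, so freeing it from one side without detaching the other leaves a dangling pointer that the generic teardown later writes through. A small instrumented pool stands in for the heap so the stale access is counted (and the heap-reuse case is reproducible) instead of being undefined behaviour; every type and function name here is invented.

```c
#include <stdbool.h>
#include <stdio.h>

#define POOL_SIZE 4
#define RES_SLOTS 4

enum slot_state { SLOT_UNUSED, SLOT_LIVE, SLOT_FREED };

/* Invented stand-in for an Xkb per-client event-interest record. */
typedef struct Interest {
    int client_id;           /* owning client */
    unsigned mask;           /* events the client asked for */
    struct Interest *next;   /* device-side list */
    enum slot_state st;      /* allocator bookkeeping only, not part of the model */
} Interest;

typedef struct { Interest *head; } Device;                       /* one input device */
typedef struct { Interest *res[RES_SLOTS]; int n; } ClientRes;   /* a client's resource table */

static Interest pool[POOL_SIZE];
static int stale_accesses;

/* First-fit pool that hands freed slots out again, like a real heap would. */
static Interest *obj_alloc(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (pool[i].st != SLOT_LIVE) {
            pool[i].st = SLOT_LIVE;
            pool[i].next = NULL;
            return &pool[i];
        }
    return NULL;
}
static void obj_free(Interest *p) { p->st = SLOT_FREED; }

/* Every dereference goes through touch() so a pointer into a freed slot is counted. */
static Interest *touch(Interest *p) {
    if (p->st != SLOT_LIVE) stale_accesses++;
    return p;
}

static Interest *add_interest(Device *dev, ClientRes *cr, int client_id, unsigned mask) {
    if (cr->n >= RES_SLOTS) return NULL;
    Interest *in = obj_alloc();
    if (!in) return NULL;
    in->client_id = client_id;
    in->mask = mask;
    in->next = dev->head;
    dev->head = in;
    cr->res[cr->n++] = in;   /* second owner: the client's resource table */
    return in;
}

/* Vulnerable: frees the client's records but leaves the resource-table pointers dangling. */
static void device_drop_client_vuln(Device *dev, int client_id) {
    for (Interest **pp = &dev->head; *pp; ) {
        Interest *cur = touch(*pp);
        if (cur->client_id != client_id) { pp = &cur->next; continue; }
        *pp = cur->next;
        obj_free(cur);
    }
}

/* Fixed: detach the resource-table reference before freeing, so exactly one owner remains. */
static void device_drop_client_fixed(Device *dev, ClientRes *cr, int client_id) {
    for (Interest **pp = &dev->head; *pp; ) {
        Interest *cur = touch(*pp);
        if (cur->client_id != client_id) { pp = &cur->next; continue; }
        *pp = cur->next;
        for (int i = 0; i < cr->n; i++)
            if (cr->res[i] == cur) cr->res[i] = NULL;
        obj_free(cur);
    }
}

/* Generic teardown at disconnect: clears and frees whatever the table still points at. */
static void free_client_resources(ClientRes *cr) {
    for (int i = 0; i < cr->n; i++) {
        if (!cr->res[i]) continue;
        Interest *in = touch(cr->res[i]);
        in->mask = 0;          /* a stale write lands on whoever owns the slot now */
        obj_free(in);
        cr->res[i] = NULL;
    }
    cr->n = 0;
}

static void reset(void) {
    for (int i = 0; i < POOL_SIZE; i++) pool[i] = (Interest){0};
    stale_accesses = 0;
}

/* Client 1 disconnects and nothing reuses its slot. Returns the stale-access count. */
static int run_without_reuse(bool fixed) {
    Device dev = {0}; ClientRes c1 = {0};
    reset();
    add_interest(&dev, &c1, 1, 0x1);
    if (fixed) device_drop_client_fixed(&dev, &c1, 1); else device_drop_client_vuln(&dev, 1);
    free_client_resources(&c1);
    return stale_accesses;
}

/* Client 2 allocates between the two cleanup phases and inherits client 1's slot.
 * Returns client 2's mask afterwards: clobbered to 0 on the vulnerable path, 0x3 when fixed. */
static unsigned run_with_reuse(bool fixed) {
    Device dev = {0}; ClientRes c1 = {0}, c2 = {0};
    reset();
    add_interest(&dev, &c1, 1, 0x1);
    if (fixed) device_drop_client_fixed(&dev, &c1, 1); else device_drop_client_vuln(&dev, 1);
    Interest *c2_in = add_interest(&dev, &c2, 2, 0x3);
    free_client_resources(&c1);   /* vulnerable path also frees client 2's record underneath it */
    return c2_in->mask;
}

int main(void) {
    printf("no reuse:   vuln=%d stale access(es), fixed=%d\n",
           run_without_reuse(false), run_without_reuse(true));
    printf("with reuse: vuln mask=%#x (clobbered), fixed mask=%#x\n",
           run_with_reuse(false), run_with_reuse(true));
    return 0;
}
```

The two scenarios map onto the two outcomes in the vector: without reuse the dangling pointer is a crash (or, on a real heap, a read of freed metadata), and with reuse it silently corrupts another client's record, which is the primitive an attacker would try to shape.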

Remediation (AI)

Apply the vendor patches through the normal Red Hat update path ('dnf update xorg-x11-server\*', or 'yum' on older RHEL) and consult the advisory matching your release among the 15 published (RHSA-2025:19432 through RHSA-2025:22055, at access.redhat.com/errata) for the exact fixed package versions; patched packages are vendor-confirmed for all affected RHEL releases. Two things to check before calling a host remediated: Xwayland (xorg-x11-server-Xwayland) and Xvnc from tigervnc are built from the same xorg-server source tree and carry the same Xkb code, so confirm that the advisories you apply cover every X server binary installed and not only xorg-x11-server-Xorg; and the fix only takes effect once the running server is restarted, so end graphical sessions (or reboot) after updating. 'dnf updateinfo list --cve CVE-2025-62230' shows whether an applicable update is still pending, and the fixed build's changelog ('rpm -q --changelog xorg-x11-server-Xorg | grep CVE-2025-62230') normally names the CVE. Where immediate patching is not feasible, reduce exposure rather than expect a workaround: restrict local shell and remote login access to trusted users, since any user who can reach the X server's socket can drive the Xkb cleanup path, and alert on X server crashes (Xorg or Xwayland core dumps in the journal), which are the most likely symptom of an attempt. Moving sessions to Wayland shrinks the attack surface but does not remove it, because Xwayland still serves X11 clients with the same Xkb implementation and must be patched too, and it is a significant change with compatibility trade-offs for X11-only applications. The Xkb extension cannot be disabled without breaking keyboard input, so patching is the only complete remediation.

Vendor Status (Vendor)

SUSE

Severity: High
Product status:
Affected (SL Micro 6.0 containers): suse/sl-micro/6.0/baremetal-os-container:latest, suse/sl-micro/6.0/kvm-os-container:latest, suse/sl-micro/6.0/rt-os-container:latest, suse/sl-micro/6.0/base-os-container:latest, suse/sl-micro/6.0/toolbox:latest
Affected (SL Micro 6.1 containers): suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.6, suse/sl-micro/6.1/kvm-os-container:2.2.1-5.33, suse/sl-micro/6.1/rt-os-container:2.2.1-5.18, suse/sl-micro/6.1/base-os-container:2.2.1-5.30
Affected (cloud images): SL-Micro-Azure, SL-Micro-BYOS-Azure, SL-Micro-BYOS-EC2, SL-Micro-BYOS-GCE, SL-Micro-EC2, SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure, SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2, SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE, SUSE-Multi-Linux-Manager-Server-Azure-llc, SUSE-Multi-Linux-Manager-Server-Azure-ltd, SUSE-Multi-Linux-Manager-Server-BYOS-Azure, SUSE-Multi-Linux-Manager-Server-BYOS-EC2, SUSE-Multi-Linux-Manager-Server-BYOS-GCE, SUSE-Multi-Linux-Manager-Server-EC2-llc, SUSE-Multi-Linux-Manager-Server-EC2-ltd
