Skip to main content

X Server CVE-2025-62231

HIGH
Integer Overflow or Wraparound (CWE-190)
2025-10-30 secalert@redhat.com
7.3
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
SUSE
HIGH
qualitative
Red Hat
7.3 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 20, 2026 - 14:33 vuln.today

DescriptionCVE.org

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

AnalysisAI

Local privilege escalation in X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via integer overflow in XkbSetCompatMap(). Attack requires local access with low-privilege credentials. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).

Technical ContextAI

The vulnerability exists in the X Keyboard (Xkb) extension of the X.Org X server, a fundamental component of graphical Linux/Unix systems that manages keyboard mapping and input handling. The XkbSetCompatMap() function performs insufficient bounds checking on input data before arithmetic operations, triggering CWE-190 (Integer Overflow or Wraparound). When processing specially crafted compatibility map data, an unsigned short variable can overflow during value calculation, resulting in an out-of-bounds write condition. The Xkb extension runs with elevated privileges in the X server process, making memory corruption exploitable for privilege escalation. This affects the core xorg-x11-server package across Red Hat Enterprise Linux variants, including standard RHEL, extended lifecycle releases, and specialized distributions like RHEL for Real Time and SAP Solutions.

RemediationAI

Apply vendor-released patches immediately for affected Red Hat Enterprise Linux systems via the appropriate RHSA advisory for your specific RHEL version and variant. Use yum or dnf package managers to update xorg-x11-server and related packages: 'sudo dnf update xorg-x11-server xorg-x11-server-common xorg-x11-server-Xwayland' (exact package names vary by advisory). Verify installed versions match patched releases specified in your applicable RHSA. For systems unable to patch immediately, implement compensating controls with understanding of operational impact: (1) Disable the Xkb extension by adding 'Option "XkbDisable" "true"' to X server configuration in /etc/X11/xorg.conf (WARNING: breaks keyboard functionality for most desktop environments; only viable for systems using alternative input methods or Wayland); (2) Restrict local user access to systems running X server through stricter authentication policies and account monitoring; (3) Deploy SELinux in enforcing mode to limit X server process privileges (already default on RHEL but verify with 'getenforce'); (4) Consider migrating to Wayland display server where applications support it, as Wayland architecture provides better privilege separation. For non-Red Hat distributions, consult your vendor's security advisories for X.Org X server updates. Headless servers without X.Org installed require no action.

CVE-2018-14665 MEDIUM POC
6.6 Oct 25

A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack co

CVE-2019-17624 HIGH POC
7.8 Oct 16

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (C

CVE-2017-10971 HIGH
8.8 Jul 06

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context

CVE-2026-56000 CRITICAL
9.0 Jul 08

Use-after-free in the GLX dispatch layer of X.Org X Server and Xwayland allows an authenticated X client to corrupt heap

CVE-2022-46344 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46343 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46342 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46341 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46340 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-3550 HIGH
8.8 Oct 17

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2023-5367 HIGH
7.8 Oct 25

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low a

CVE-2023-6377 HIGH
7.8 Dec 13

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-o

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/kvm-os-container:latest Container suse/sl-micro/6.0/rt-os-container:latest Affected
Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.6 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.33 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.18 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.30 Affected
Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2025-62231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy