Enterprise Linux Tus
A use-after-free memory corruption flaw in the X.Org X server's Xkb extension allows local authenticated attackers to achieve high confidentiality impact, low integrity impact, and high availability impact (CVSS 7.3) through improper resource cleanup during client disconnection. The vulnerability affects Red Hat Enterprise Linux distributions, with multiple security advisories released (RHSA-2025:19432 through RHSA-2025:22055). EPSS data was not provided, but the local attack vector (AV:L) and low complexity (AC:L) indicate exploitation requires authenticated local access. No CISA KEV listing or public PoC was identified at the time of analysis.
A local privilege escalation flaw in the X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via an integer overflow in XkbSetCompatMap(). The attack requires local access with low-privilege credentials. EPSS data is not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).