Xwayland

10 CVEs product

CVE-2025-62230 HIGH PATCH This Week

Use-after-free memory corruption in X.Org X server's Xkb extension allows local authenticated attackers to achieve high confidentiality impact, low integrity impact, and high availability impact (CVSS 7.3) through improper resource cleanup during client disconnection. The vulnerability affects Red Hat Enterprise Linux distributions with multiple security advisories released (RHSA-2025:19432 through RHSA-2025:22055). EPSS data not provided, but the local attack vector (AV:L) and low complexity (AC:L) indicate exploitation requires authenticated local access. No CISA KEV listing or public POC identified at time of analysis.

Tags: Buffer Overflow, Use After Free, Memory Corruption, Aix, Debian Linux, +9
Sources: NVD | CVSS 3.1: 7.3 | EPSS: 0.0%
CVE-2025-62231 HIGH PATCH This Week

Local privilege escalation in X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via integer overflow in XkbSetCompatMap(). Attack requires local access with low-privilege credentials. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).

Tags: Buffer Overflow, Integer Overflow, Aix, Debian Linux, Enterprise Linux, +8
Sources: NVD | CVSS 3.1: 7.3 | EPSS: 0.0%
CVE-2025-26601 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Information Disclosure, Use After Free, Memory Corruption, Enterprise Linux, X Server, +2
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26600 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Information Disclosure, Use After Free, Memory Corruption, Enterprise Linux, X Server, +2
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26599 HIGH PATCH This Week

An uninitialized pointer access flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Information Disclosure, Memory Corruption, Enterprise Linux, X Server, Xwayland, +1
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26598 HIGH PATCH This Week

An out-of-bounds write flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Buffer Overflow, Memory Corruption, Enterprise Linux, X Server, Xwayland, +1
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26597 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Buffer Overflow, Enterprise Linux, X Server, Xwayland, Tigervnc
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26596 HIGH PATCH This Week

A heap overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Buffer Overflow, Memory Corruption, Enterprise Linux, X Server, Xwayland, +1
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26595 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Buffer Overflow, Stack Overflow, Enterprise Linux, X Server, Xwayland, +1
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%
CVE-2025-26594 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.

Tags: Information Disclosure, Use After Free, Memory Corruption, Enterprise Linux, X Server, +2
Sources: NVD, VulDB | CVSS 3.1: 7.8 | EPSS: 0.1%