CVE-2025-62229

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions X.Org X Server and Xwayland versions 2:21.1.16-1ubuntu1.2 through 2:24.1.6-1ubuntu0.2

Description A flaw exists in the X.Org X server and Xwayland when handling X11 Present extension notifications. Improper error handling during notification creation can result in dangling pointers, leading to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations Update xnest to version 2:21.1.16-1ubuntu1.2. Update xorg-server-source to version 2:21.1.16-1ubuntu1.2. Update xserver-common to version 2:21.1.16-1ubuntu1.2. Update xserver-xephyr to version 2:21.1.16-1ubuntu1.2. Update xserver-xorg-core to version 2:21.1.16-1ubuntu1.2. Update xserver-xorg-dev to version 2:21.1.16-1ubuntu1.2. Update xserver-xorg-legacy to version 2:21.1.16-1ubuntu1.2. Update xvfb to version 2:21.1.16-1ubuntu1.2. Update xwayland to version 2:24.1.6-1ubuntu0.2.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:19432

ALSA-2025:19434

ALSA-2025:19435

ALSA-2025:19489

ALSA-2025:19909

ALSA-2025:20958

ALSA-2025:20960

ALSA-2025:20961

ALSA-2025:21035

ALT-PU-2025-13709

ALT-PU-2025-13711

AZL-69470

BDU:2025-15933

CESA-2025_19432

CESA-2025_19434

CESA-2025_19909

CVE-2025-62229

DLA-4353-1

DSA-6044-1

INFSA-2025_19432

INFSA-2025_19433

INFSA-2025_19434

INFSA-2025_19489

INFSA-2025_19623

INFSA-2025_19909

INFSA-2025_20958

INFSA-2025_20960

INFSA-2025_20961

MGASA-2025-0263

OPENSUSE-SU-2025:15683-1

OPENSUSE-SU-2025:15684-1

OPENSUSE-SU-2025:20099-1

OPENSUSE-SU-2026:20198-1

RHSA-2025:19432

RHSA-2025:19433

RHSA-2025:19434

RHSA-2025:19435

RHSA-2025:19489

RHSA-2025:19623

RHSA-2025:19909

RHSA-2025:20958

RHSA-2025:20960

RHSA-2025:20961

RHSA-2025:21035

RHSA-2025:22040

RHSA-2025:22041

RHSA-2025:22051

RHSA-2025:22055

RHSA-2025:22056

RHSA-2025:22077

RHSA-2025:22096

RHSA-2025:22164

RHSA-2025:22167

RHSA-2025:22364

RHSA-2025:22365

RHSA-2025:22426

RHSA-2025:22427

RHSA-2025:22667

RHSA-2025:22729

RHSA-2025:22742

RHSA-2025:22753

RHSA-2025_19432

RHSA-2025_19433

RHSA-2025_19434

RHSA-2025_19489

RHSA-2025_19623

RHSA-2025_19909

RHSA-2025_20958

RHSA-2025_20960

RHSA-2025_20961

RHSA-2026:0031

RHSA-2026:0033

RHSA-2026:0034

RHSA-2026:0035

RHSA-2026:0036

SUSE-SU-2025:21149-1

SUSE-SU-2025:3858-1

SUSE-SU-2025:3863-1

SUSE-SU-2025:3864-1

SUSE-SU-2025:3865-1

SUSE-SU-2025:3866-1

SUSE-SU-2025:3872-1

SUSE-SU-2025:3874-1

SUSE-SU-2025:3909-1

SUSE-SU-2025_21149-1

SUSE-SU-2025_3858-1

SUSE-SU-2025_3864-1

SUSE-SU-2025_3865-1

SUSE-SU-2025_3866-1

SUSE-SU-2025_3872-1

SUSE-SU-2025_3909-1

USN-7846-1

ZDI-25-973

Affected Products

Alt Linux

Almalinux

Centos

Debian

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

X.Org Server

CVE-2025-62229

Weakness Enumeration

Related Identifiers

Affected Products

References · 161