CVE-2025-62230

Name of the Vulnerable Software and Affected Versions X.Org X Server versions 2:21.1.16-1ubuntu1.2 and earlier X.Org X Server (affected versions not specified)

Description The X.Org X Server contains flaws in memory handling and client resource cleanup. Specifically, the X Keyboard (Xkb) extension improperly manages data structures during client disconnections, leading to a use-after-free condition. This can result in memory corruption, a crash, or potentially allow an attacker to gain code execution. The issue occurs when the software frees certain data structures without properly detaching related resources.

Recommendations Update to xnest version 2:21.1.16-1ubuntu1.2 or later. Update to xorg-server-source version 2:21.1.16-1ubuntu1.2 or later. Update to xserver-common version 2:21.1.16-1ubuntu1.2 or later. Update to xserver-xephyr version 2:21.1.16-1ubuntu1.2 or later. Update to xserver-xorg-core version 2:21.1.16-1ubuntu1.2 or later. Update to xserver-xorg-dev version 2:21.1.16-1ubuntu1.2 or later. Update to xserver-xorg-legacy version 2:21.1.16-1ubuntu1.2 or later. Update to xvfb version 2:21.1.16-1ubuntu1.2 or later. Update to xwayland version 2:24.1.6-1ubuntu0.2 or later.