Описание
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| xorg-server | fixed | 2:21.1.20-1 | package | |
| xwayland | unfixed | package | ||
| xwayland | ignored | trixie | package | |
| xwayland | ignored | bookworm | package |
Примечания
https://lists.x.org/archives/xorg-announce/2025-October/003635.html
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/554dfabfbc23c3e74997e09c13f5424a60daf9ee (xorg-server-21.1.19)
EPSS
Связанные уязвимости
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Xorg: xmayland: use-after-free in xpresentnotify structure creation
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
EPSS