Описание
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Отчет
The Red Hat Product Security team has rated this vulnerability as Moderate for default RHEL 8 and 9, where the X.Org server does not run with root privileges.For RHEL 7, TigerVNC-as-root, or SSH X11-forwarded environments, the impact is considered High due to the potential for local privilege escalation or remote code execution, as it can be exploited remotely to cause denial of service through crafted keyboard mapping requests. Successful exploitation could crash the X server but is not likely to lead to code execution.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | xorg-x11-server | Out of support scope | ||
| Red Hat Enterprise Linux 10 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:19435 | 03.11.2025 |
| Red Hat Enterprise Linux 10 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:21035 | 11.11.2025 |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | tigervnc | Fixed | RHSA-2025:22667 | 03.12.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | xorg-x11-server | Fixed | RHSA-2025:22040 | 25.11.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | tigervnc | Fixed | RHSA-2025:22096 | 25.11.2025 |
| Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:19432 | 03.11.2025 |
| Red Hat Enterprise Linux 8 | xorg-x11-server | Fixed | RHSA-2025:19434 | 03.11.2025 |
| Red Hat Enterprise Linux 8 | tigervnc | Fixed | RHSA-2025:19909 | 06.11.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | tigervnc | Fixed | RHSA-2025:22077 | 25.11.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
A flaw was identified in the X.Org X server\u2019s X Keyboard (Xkb) ex ...
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
EPSS
7.3 High
CVSS3