{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2023-1393: fix use-after-free in compositor overlay window by clearing\n  dangling COW pointer\n- CVE-2024-31080: prevent heap over-read in ProcXIGetSelectedEvents() caused\n  by using byte-swapped length values in replies\n- CVE-2024-31081: fix buffer over-read in ProcXIPassiveGrabDevice() by using correct\n  unswapped length for replies\n- CVE-2025-26600: fix use-after-free by clearing pending events when\n  removing a frozen device",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1763651916.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
      }
    ],
    "tracking": {
      "current_release_date": "2026-02-16T09:50:08Z",
      "generator": {
        "date": "2026-02-16T09:50:08Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1763651916",
      "initial_release_date": "2025-11-20T15:19:40Z",
      "revision_history": [
        {
          "date": "2025-11-20T15:19:40Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-16T09:50:08Z",
          "number": "2",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "xorg-x11-server-Xwayland: Fix of 4 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                "product": {
                  "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                  "product_id": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/xorg-x11-server-Xwayland@21.1.3-7.el9.tuxcare.els9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                "product": {
                  "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                  "product_id": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/xorg-x11-server-Xwayland-devel@21.1.3-7.el9.tuxcare.els9?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
                "product": {
                  "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
                  "product_id": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/xorg-x11-server-Xwayland@21.1.3-7.el9.tuxcare.els9?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
                "product": {
                  "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
                  "product_id": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/xorg-x11-server-Xwayland-devel@21.1.3-7.el9.tuxcare.els9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        },
        "product_reference": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686"
        },
        "product_reference": "xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686"
        },
        "product_reference": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        },
        "product_reference": "xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-26601",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-26601"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2500",
          "url": "https://access.redhat.com/errata/RHSA-2025:2500"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2502",
          "url": "https://access.redhat.com/errata/RHSA-2025:2502"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2861",
          "url": "https://access.redhat.com/errata/RHSA-2025:2861"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2862",
          "url": "https://access.redhat.com/errata/RHSA-2025:2862"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2865",
          "url": "https://access.redhat.com/errata/RHSA-2025:2865"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2866",
          "url": "https://access.redhat.com/errata/RHSA-2025:2866"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2873",
          "url": "https://access.redhat.com/errata/RHSA-2025:2873"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2874",
          "url": "https://access.redhat.com/errata/RHSA-2025:2874"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2875",
          "url": "https://access.redhat.com/errata/RHSA-2025:2875"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2879",
          "url": "https://access.redhat.com/errata/RHSA-2025:2879"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2880",
          "url": "https://access.redhat.com/errata/RHSA-2025:2880"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7163",
          "url": "https://access.redhat.com/errata/RHSA-2025:7163"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7165",
          "url": "https://access.redhat.com/errata/RHSA-2025:7165"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7458",
          "url": "https://access.redhat.com/errata/RHSA-2025:7458"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2025-26601",
          "url": "https://access.redhat.com/security/cve/CVE-2025-26601"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20250516-0004/",
          "url": "https://security.netapp.com/advisory/ntap-20250516-0004/"
        }
      ],
      "release_date": "2025-02-25T16:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-49180",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-49180"
        }
      ],
      "release_date": "2025-06-17T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-26600",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-26600"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2500",
          "url": "https://access.redhat.com/errata/RHSA-2025:2500"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2502",
          "url": "https://access.redhat.com/errata/RHSA-2025:2502"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2861",
          "url": "https://access.redhat.com/errata/RHSA-2025:2861"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2862",
          "url": "https://access.redhat.com/errata/RHSA-2025:2862"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2865",
          "url": "https://access.redhat.com/errata/RHSA-2025:2865"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2866",
          "url": "https://access.redhat.com/errata/RHSA-2025:2866"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2873",
          "url": "https://access.redhat.com/errata/RHSA-2025:2873"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2874",
          "url": "https://access.redhat.com/errata/RHSA-2025:2874"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2875",
          "url": "https://access.redhat.com/errata/RHSA-2025:2875"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2879",
          "url": "https://access.redhat.com/errata/RHSA-2025:2879"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:2880",
          "url": "https://access.redhat.com/errata/RHSA-2025:2880"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7163",
          "url": "https://access.redhat.com/errata/RHSA-2025:7163"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7165",
          "url": "https://access.redhat.com/errata/RHSA-2025:7165"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7458",
          "url": "https://access.redhat.com/errata/RHSA-2025:7458"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2025-26600",
          "url": "https://access.redhat.com/security/cve/CVE-2025-26600"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20250516-0005/",
          "url": "https://security.netapp.com/advisory/ntap-20250516-0005/"
        }
      ],
      "release_date": "2025-02-25T16:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-1393",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-1393"
        },
        {
          "category": "external",
          "summary": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110",
          "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NOYATGGPMT3COC7ELAJW5TG2PVS3AFR2/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NOYATGGPMT3COC7ELAJW5TG2PVS3AFR2/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSAAGI5V77FQXIT5PP4URP6BYQVCK5U5/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSAAGI5V77FQXIT5PP4URP6BYQVCK5U5/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHJMSMK7G4GPLMKIGKXIOL2RTKU5VFWE/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHJMSMK7G4GPLMKIGKXIOL2RTKU5VFWE/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFUDSBSABRHQOX6TIQ5O3SNPFTPFQQP/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFUDSBSABRHQOX6TIQ5O3SNPFTPFQQP/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202305-30",
          "url": "https://security.gentoo.org/glsa/202305-30"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2023/03/29/1",
          "url": "https://www.openwall.com/lists/oss-security/2023/03/29/1"
        }
      ],
      "release_date": "2023-03-30T21:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-31081",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to disclosure of heap memory contents and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Although the attacker cannot control which memory is copied into the replies, the small length values typically stored in a 32-bit integer become very large once byte-swapped, which can result in significant attempted out-of-bounds reads.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-31081"
        }
      ],
      "release_date": "2024-04-03T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-31080",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to disclosure of heap memory contents and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Although the attacker cannot control which memory is copied into the replies, the small length values typically stored in a 32-bit integer become very large once byte-swapped, which can result in significant attempted out-of-bounds reads.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
          "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-31080"
        }
      ],
      "release_date": "2024-04-03T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-20T15:18:38.020131Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916",
          "product_ids": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763651916"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-0:21.1.3-7.el9.tuxcare.els9.x86_64",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.i686",
            "AlmaLinux-9.2:xorg-x11-server-Xwayland-devel-0:21.1.3-7.el9.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}