CVE-2025-62229: Use After Free in X.Org Xwayland
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
AI Analysis
Technical Summary
The vulnerability CVE-2025-62229 exists in X.Org's Xwayland component, specifically in the handling of X11 Present extension notifications. Improper error handling can leave dangling pointers, resulting in a use-after-free condition. This can cause memory corruption or crashes, with potential for arbitrary code execution or denial of service. The issue affects Xwayland version 1.15.0. Red Hat's security advisories RHSA-2025:19432 and RHSA-2025:19433 describe the vulnerability and provide updated packages for Red Hat Enterprise Linux 8 and 9 to remediate the issue.
Potential Impact
The vulnerability can lead to memory corruption or application crashes in Xwayland, which may allow an attacker with local privileges to execute arbitrary code or cause denial of service. The CVSS v3.1 base score is 7.3 (High), with attack vector Local, low attack complexity, low privileges required, no user interaction, unchanged scope, low confidentiality impact, high integrity and availability impact. Red Hat rates the security impact as Moderate in their advisories.
Mitigation Recommendations
Official patches are available from Red Hat for affected versions of Red Hat Enterprise Linux 8 and 9. Users should apply the security updates described in advisories RHSA-2025:19432 and RHSA-2025:19433. The advisories provide detailed instructions and updated package versions. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor.
CVE-2025-62229: Use After Free in X.Org Xwayland
Description
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-62229 exists in X.Org's Xwayland component, specifically in the handling of X11 Present extension notifications. Improper error handling can leave dangling pointers, resulting in a use-after-free condition. This can cause memory corruption or crashes, with potential for arbitrary code execution or denial of service. The issue affects Xwayland version 1.15.0. Red Hat's security advisories RHSA-2025:19432 and RHSA-2025:19433 describe the vulnerability and provide updated packages for Red Hat Enterprise Linux 8 and 9 to remediate the issue.
Potential Impact
The vulnerability can lead to memory corruption or application crashes in Xwayland, which may allow an attacker with local privileges to execute arbitrary code or cause denial of service. The CVSS v3.1 base score is 7.3 (High), with attack vector Local, low attack complexity, low privileges required, no user interaction, unchanged scope, low confidentiality impact, high integrity and availability impact. Red Hat rates the security impact as Moderate in their advisories.
Mitigation Recommendations
Official patches are available from Red Hat for affected versions of Red Hat Enterprise Linux 8 and 9. Users should apply the security updates described in advisories RHSA-2025:19432 and RHSA-2025:19433. The advisories provide detailed instructions and updated package versions. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-10-09T04:46:44.074Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2025:19432","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19433","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19434","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19435","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19489","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19623","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:19909","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:20958","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:20960","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:20961","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:21035","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22040","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22041","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22051","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22055","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22056","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22077","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22096","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22164","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22167","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22364","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22365","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22426","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22427","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22667","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22729","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22742","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22753","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0031","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0033","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0034","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0035","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0036","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-62229","vendor":"Red Hat"}]
Threat ID: 69030287a36935f67201749b
Added to database: 10/30/2025, 6:15:35 AM
Last enriched: 4/21/2026, 5:47:28 AM
Last updated: 5/10/2026, 1:11:06 AM
Views: 264
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.