CVE-2025-62231
Public on 2025-10-30
Modified on 2025-11-03
Description
The XkbCompatMap structure stores some of its values using an unsigned short, but fails to check whether the sum of the input data might overflow the maximum unsigned short value.
Introduced in: X11R6
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49
NOTE: https://lists.x.org/archives/xorg-announce/2025-October/003635.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa (xorg-server-21.1.19)
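The bug class named in the description, as an added example that is not the X server's code or the upstream fix: a sum of two 16-bit request values is truncated when stored in an unsigned short, next to a form that rejects the request first. The struct, field and function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical map that tracks its sizes in unsigned short fields. */
struct compat_map {
    unsigned short num;   /* entries in use */
    unsigned short size;  /* entries allocated */
    uint32_t *entries;
};

/* Unchecked: first + count is computed as int, then silently truncated
 * to 16 bits on store, so the recorded size can be far below the sum. */
unsigned short stored_size_unchecked(uint16_t first, uint16_t count)
{
    return (unsigned short)(first + count);
}

/* Checked: reject any request whose end index does not fit in the
 * unsigned short fields before touching the map.
 * Returns 0 on success, -1 on rejection or allocation failure. */
int compat_map_grow(struct compat_map *m, uint16_t first, uint16_t count)
{
    unsigned int needed = (unsigned int)first + count;

    if (needed > USHRT_MAX)
        return -1;                      /* would wrap the 16-bit fields */
    if (needed > m->size) {
        uint32_t *p = realloc(m->entries, needed * sizeof *p);
        if (p == NULL)
            return -1;
        m->entries = p;
        m->size = (unsigned short)needed;
    }
    if (needed > m->num)
        m->num = (unsigned short)needed;
    return 0;
}

int main(void)
{
    struct compat_map m = {0, 0, NULL};
    /* Constructed sample request values. */
    printf("unchecked stored size: %u\n", stored_size_unchecked(65000, 1000));
    printf("checked result: %d\n", compat_map_grow(&m, 65000, 1000));
    free(m.entries);
    return 0;
}
```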
Severity
CVSS v3 Base Score
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | tigervnc | 2025-11-10 | ALAS2-2025-3065 | Fixed |
| Amazon Linux 2023 | tigervnc | 2025-11-10 | ALAS2023-2025-1267 | Fixed |
| Amazon Linux 2 - Core | xorg-x11-server | 2025-11-10 | ALAS2-2025-3066 | Fixed |
| Amazon Linux 2023 | xorg-x11-server | 2025-11-10 | ALAS2023-2025-1269 | Fixed |
| Amazon Linux 2023 | xorg-x11-server-Xwayland | 2025-11-10 | ALAS2023-2025-1268 | Fixed |
CVSS Scores
| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |