New security advisory released for X.Org X server and Xwayland issues

By Liam Dawe - 28 Oct 2025 at 1:32 pm UTC

Last updated: 28 Oct 2025 at 3:36 pm UTC

Today, an X.Org Security Advisory was sent out that details multiple security issues X.Org X server and Xwayland. Be sure you keep an eye on system updates as distributions get the issues patched.

The advisory was posted to the xorg-announce mailing list from developer Olivier Fourdan that notes "Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.19 and xwayland-24.1.9".

For more information, copied below are the issues from the announcement:

1) CVE-2025-62229: Use-after-free in XPresentNotify structures creation

Using the X11 Present extension, when processing and adding the notifications after presenting a pixmap, if an error occurs, a dangling pointer may be left in the error code path of the function causing a use-after-free when eventually destroying the notification structures later.

Introduced in: Xorg 1.15
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b1
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

2) CVE-2025-62230: Use-after-free in Xkb client resource removal

When removing the Xkb resources for a client, the function XkbRemoveResourceClient() will free the XkbInterest data associated with the device, but not the resource associated with it.

As a result, when the client terminates, the resource delete function triggers a use-after-free.

Introduced in: X11R6
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/99790a2c
https://gitlab.freedesktop.org/xorg/xserver/-/commit/10c94238
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

3) CVE-2025-62231: Value overflow in Xkb extension XkbSetCompatMap()

The XkbCompatMap structure stores some of its values using an unsigned short, but fails to check whether the sum of the input data might overflow the maximum unsigned short value.

Introduced in: X11R6
Fixed in: xorg-server-21.1.19 and xwayland-24.1.9
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49
Found by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative.

Article taken from GamingOnLinux.com.

Tags: Security, Misc, Open Source

2 Likes

About the author - Liam Dawe

I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me

Some you may have missed, popular articles from the last month:

RV There Yet? is the latest co-op hit on Steam with plans to get it Steam Deck Verified

DOOM: The Dark Ages gets a major performance upgrade for handhelds - now Steam Deck Verified

Nightdive release definitive PC update for I Have No Mouth, and I Must Scream

Here's what's coming to NVIDIA GeForce NOW during October

All posts need to follow our rules. Please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Readers can also email us for any issues or concerns.

No comments yet!

While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations:

PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!