{"id":"CVE-2025-62229","summary":"Xorg: xmayland: use-after-free in xpresentnotify structure creation","details":"A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.","modified":"2026-06-18T03:56:33.831129584Z","published":"2025-10-30T05:28:48.131Z","related":["ALSA-2025:19432","ALSA-2025:19434","ALSA-2025:19435","ALSA-2025:19489","ALSA-2025:19909","ALSA-2025:20958","ALSA-2025:20960","ALSA-2025:20961","ALSA-2025:21035","SUSE-SU-2025:21149-1","SUSE-SU-2025:3858-1","SUSE-SU-2025:3863-1","SUSE-SU-2025:3864-1","SUSE-SU-2025:3865-1","SUSE-SU-2025:3866-1","SUSE-SU-2025:3872-1","SUSE-SU-2025:3874-1","SUSE-SU-2025:3909-1","openSUSE-SU-2025:15683-1","openSUSE-SU-2025:15684-1","openSUSE-SU-2025:20099-1","openSUSE-SU-2026:20198-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62229.json","cwe_ids":["CWE-416"],"cna_assigner":"redhat"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/10/28/7"},{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html"},{"type":"WEB","url":"https://lists.x.org/archives/xorg-announce/2025-October/003635.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19432"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19433"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19434"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19435"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19489"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19623"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19909"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:20958"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:20960"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:20961"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21035"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22040"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22041"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22051"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22055"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22056"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22077"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22096"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22164"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22167"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22364"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22365"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22426"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22427"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22667"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22729"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22742"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22753"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0031"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0033"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0034"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0035"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0036"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-62229"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62229.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62229"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402649"},{"type":"PACKAGE","url":"https://gitlab.freedesktop.org/xorg/xserver"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/xserver","events":[{"introduced":"2ea973e12f5d954211e1d10085a4c74581b43aca"},{"fixed":"65acc54b7079ad4c01c35ebdde34b3ff9ebd0d2a"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"1.15.0"},{"fixed":"24.1.9"}]}}],"versions":["xwayland-24.1.8","xwayland-24.1.7","xwayland-24.1.6","xwayland-24.1.5","xwayland-24.1.4","xwayland-24.1.3","xwayland-24.1.2","xwayland-24.1.1","xwayland-24.1.0","xwayland-24.0.99.902","xwayland-24.0.99.901","xorg-server-21.0.99.1","xorg-server-1.20.0","xorg-server-1.19.99.905","xorg-server-1.19.99.904","xorg-server-1.19.99.903","xorg-server-1.19.99.902","xorg-server-1.19.99.901","xorg-server-1.19.0","xorg-server-1.18.99.902","xorg-server-1.18.99.901","xorg-server-1.18.99.2","xorg-server-1.18.0","xorg-server-1.17.99.902","xorg-server-1.17.99.901","xorg-server-1.17.0","xorg-server-1.16.99.902","xorg-server-1.16.99.901","xorg-server-1.16.0","xorg-server-1.15.99.904","xorg-server-1.15.99.903","xorg-server-1.15.99.902","xorg-server-1.15.99.901","xorg-server-1.15.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-62229.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"}]}