CVE-2025-49177
Published: June 18, 2025Last modified: August 6, 2025
Description
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
Notes
Fixed by https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | xorg-server | Fixed (21.1.18-r0) |
| 25 LTS | xorg-server | Fixed (21.1.18-r0) | |
| Stream | xorg-server | Fixed (21.1.17-r0) |
References
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/security/cve/CVE-2025-49177
- https://bugzilla.redhat.com/show_bug.cgi?id=2369955
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af
- https://www.x.org/wiki/Development/Security/