A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
2025-02-25T16:15:38.227
2025-05-13T20:15:26.200
Modified
CVSSv3.1: 7.8 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | tigervnc | tigervnc | - | Yes |
Application | x.org | x_server | < 21.1.16 | Yes |
Application | x.org | xwayland | < 24.1.6 | Yes |
Operating System | redhat | enterprise_linux | 7.0 | Yes |
Operating System | redhat | enterprise_linux | 8.0 | Yes |
Operating System | redhat | enterprise_linux | 9.0 | Yes |