Xwayland Security Vulnerabilities and Issues — Xwayland CVE List

Lucene search

X.orgXwayland

16 matches found

CVE•added 2024/01/18 5:15 a.m.•371 views

CVE-2023-6816

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading ...

9.8CVSS9.5AI score0.025EPSS

CVE•added 2024/01/18 4:15 p.m.•369 views

CVE-2024-0409

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

7.8CVSS8.1AI score0.00015EPSS

CVE•added 2024/01/18 4:15 p.m.•358 views

CVE-2024-0408

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as...

5.5CVSS6.4AI score0.00019EPSS

CVE•added 2024/02/09 7:16 a.m.•343 views

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or re...

7.8CVSS8.2AI score0.00406EPSS

CVE•added 2023/10/25 8:15 p.m.•197 views

CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for...

7.8CVSS8.2AI score0.00066EPSS

CVE•added 2023/10/25 8:15 p.m.•192 views

CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the othe...

4.7CVSS6.4AI score0.00082EPSS

CVE•added 2023/12/13 7:15 a.m.•178 views

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

7.8CVSS8.3AI score0.00423EPSS

CVE•added 2023/12/13 7:15 a.m.•155 views

CVE-2023-6478

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

7.6CVSS7.9AI score0.01045EPSS

CVE•added 2025/02/25 4:15 p.m.•146 views

CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return ea...

7.8CVSS7.7AI score0.00038EPSS

CVE•added 2025/02/25 4:15 p.m.•142 views

CVE-2025-26599

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the val...

7.8CVSS7AI score0.0004EPSS

CVE•added 2025/02/25 4:15 p.m.•128 views

CVE-2025-26600

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

7.8CVSS7.1AI score0.00038EPSS

CVE•added 2025/02/25 4:15 p.m.•123 views

CVE-2025-26598

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching de...

7.8CVSS7.4AI score0.0004EPSS

CVE•added 2025/02/25 4:15 p.m.•122 views

CVE-2025-26596

A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

7.8CVSS7.5AI score0.0004EPSS

CVE•added 2025/02/25 4:15 p.m.•118 views

CVE-2025-26594

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

7.8CVSS7.1AI score0.0004EPSS

CVE•added 2025/02/25 4:15 p.m.•118 views

CVE-2025-26597

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...

7.8CVSS7.5AI score0.0004EPSS

CVE•added 2025/02/25 4:15 p.m.•111 views

CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

7.8CVSS7.6AI score0.0004EPSS