CVE-2025-62231

Name: CVE-2025-62231
Description: A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4353-1, DSA-6044-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     | Release             | Version                 | Status
xorg-server (PTS)  | bullseye            | 2:1.20.11-1+deb11u13    | vulnerable
xorg-server (PTS)  | bullseye (security) | 2:1.20.11-1+deb11u17    | fixed
xorg-server (PTS)  | bookworm            | 2:21.1.7-3+deb12u10     | vulnerable
xorg-server (PTS)  | bookworm (security) | 2:21.1.7-3+deb12u11     | fixed
xorg-server (PTS)  | trixie              | 2:21.1.16-1.3           | vulnerable
xorg-server (PTS)  | trixie (security)   | 2:21.1.16-1.3+deb13u1   | fixed
xorg-server (PTS)  | forky, sid          | 2:21.1.20-1             | fixed
xwayland (PTS)     | bookworm            | 2:22.1.9-1              | vulnerable
xwayland (PTS)     | trixie              | 2:24.1.6-1              | vulnerable
xwayland (PTS)     | forky, sid          | 2:24.1.8-1              | vulnerable

The information below is based on the following data on fixed versions.

Package      | Type   | Release    | Fixed Version           | Urgency | Origin     | Debian Bugs
xorg-server  | source | bullseye   | 2:1.20.11-1+deb11u17    |         | DLA-4353-1 |
xorg-server  | source | bookworm   | 2:21.1.7-3+deb12u11     |         | DSA-6044-1 |
xorg-server  | source | trixie     | 2:21.1.16-1.3+deb13u1   |         | DSA-6044-1 |
xorg-server  | source | (unstable) | 2:21.1.20-1             |         |            |
xwayland     | source | (unstable) | (unfixed)               |         |            |

Notes

[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
https://lists.x.org/archives/xorg-announce/2025-October/003635.html
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa (xorg-server-21.1.19)
