CVE-2025-62231
Publication date 28 October 2025
Last updated 5 November 2025
Ubuntu priority
Description
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xorg | 25.10 questing |
Not affected
|
| 25.04 plucky |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| xorg-server | 25.10 questing |
Fixed 2:21.1.18-1ubuntu1.1
|
| 25.04 plucky |
Fixed 2:21.1.16-1ubuntu1.2
|
|
| 24.04 LTS noble |
Fixed 2:21.1.12-1ubuntu1.5
|
|
| 22.04 LTS jammy |
Fixed 2:21.1.4-2ubuntu1.7~22.04.16
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
|
| xwayland | 25.10 questing |
Fixed 2:24.1.6-1ubuntu1.1
|
| 25.04 plucky |
Fixed 2:24.1.6-1ubuntu0.2
|
|
| 24.04 LTS noble |
Fixed 2:23.2.6-1ubuntu0.7
|
|
| 22.04 LTS jammy |
Fixed 2:22.1.1-1ubuntu0.20
|
|
| xorg-server-hwe-16.04 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
|
| xorg-server-hwe-18.04 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| xorg-hwe-16.04 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| xorg-hwe-18.04 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Not affected
|
Notes
mdeslaur
xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.3 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | Low |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7846-1
- X.Org X Server vulnerabilities
- 29 October 2025