vulnerability
Alma Linux: CVE-2025-49180: Important: xorg-x11-server and xorg-x11-server-Xwayland security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Jun 17, 2025 | Jul 1, 2025 | Apr 17, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jun 17, 2025
Added
Jul 1, 2025
Modified
Apr 17, 2026
Description
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Solutions
alma-upgrade-tigervncalma-upgrade-tigervnc-iconsalma-upgrade-tigervnc-licensealma-upgrade-tigervnc-selinuxalma-upgrade-tigervnc-serveralma-upgrade-tigervnc-server-minimalalma-upgrade-tigervnc-server-modulealma-upgrade-xorg-x11-server-commonalma-upgrade-xorg-x11-server-develalma-upgrade-xorg-x11-server-sourcealma-upgrade-xorg-x11-server-xdmxalma-upgrade-xorg-x11-server-xephyralma-upgrade-xorg-x11-server-xnestalma-upgrade-xorg-x11-server-xorgalma-upgrade-xorg-x11-server-xvfbalma-upgrade-xorg-x11-server-xwaylandalma-upgrade-xorg-x11-server-xwayland-devel
References
- CVE-2025-49180
- https://attackerkb.com/topics/CVE-2025-49180
- CWE-190
- EUVD-EUVD-2025-18511
- https://errata.almalinux.org/8/ALSA-2025-9305.html
- https://errata.almalinux.org/8/ALSA-2025-9392.html
- https://errata.almalinux.org/9/ALSA-2025-9303.html
- https://errata.almalinux.org/9/ALSA-2025-9306.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-18511
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.