X Server 'bytes to ignore' flaw to DoS
CVE-2025-49178 Published on June 17, 2025

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-49178 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2025-06-03

Reported to Red Hat.

2025-06-17

Made public. 14 days later.

Weakness Type

Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Products Associated with CVE-2025-49178

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-49178 are published in these products:

Xorg Server

Red Hat Enterprise Linux (RHEL)

Red Hat Rhel Els

Red Hat Rhel Aus

Red Hat Rhel Eus Long Life

Red Hat Rhel E4s

Red Hat Rhel Tus

Red Hat Rhel Eus

Affected Versions

X.Org xwayland:

Before 24.1.7 is affected.

Red Hat Enterprise Linux 10:

Version 0:24.1.5-4.el10_0 and below * is unaffected.

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION:

Version 0:1.1.0-25.el6_10.1 and below * is unaffected.

Red Hat Enterprise Linux 7.7 Advanced Update Support:

Version 0:1.8.0-17.el7_7.1 and below * is unaffected.

Red Hat Enterprise Linux 7 Extended Lifecycle Support:

Version 0:1.20.4-32.el7_9 and below * is unaffected.

Red Hat Enterprise Linux 7 Extended Lifecycle Support:

Version 0:1.8.0-36.el7_9.2 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:1.20.11-26.el8_10 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:21.1.3-18.el8_10 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:1.15.0-7.el8_10 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:1.9.0-15.el8_2.14 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:1.20.6-4.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:1.20.10-2.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:1.11.0-8.el8_4.13 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On:

Version 0:1.20.10-2.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On:

Version 0:1.11.0-8.el8_4.13 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 0:1.12.0-6.el8_6.14 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 0:21.1.3-2.el8_6.4 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 0:1.20.11-5.el8_6.3 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On:

Version 0:1.12.0-6.el8_6.14 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On:

Version 0:21.1.3-2.el8_6.4 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 0:1.12.0-6.el8_6.14 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 0:21.1.3-2.el8_6.4 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 0:1.20.11-5.el8_6.3 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 0:1.12.0-6.el8_6.14 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 0:21.1.3-2.el8_6.4 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 0:1.20.11-5.el8_6.3 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On:

Version 0:1.20.11-16.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On:

Version 0:21.1.3-11.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 0:1.20.11-16.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 0:1.12.0-15.el8_8.14 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 0:21.1.3-11.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 0:1.20.11-16.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 0:1.12.0-15.el8_8.14 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 0:21.1.3-11.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:1.20.11-31.el9_6 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:23.2.7-4.el9_6 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:1.14.1-8.el9_6 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:21.1.3-3.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:1.20.11-11.el9_0 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:1.11.0-22.el9_0.15 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:21.1.3-8.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:1.20.11-18.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:1.12.0-14.el9_2.12 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:22.1.9-6.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:1.20.11-26.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:1.13.1-8.el9_4.7 and below * is unaffected.

Red Hat Enterprise Linux 6:

Exploit Probability

EPSS

0.09%

Percentile

25.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

X Server 'bytes to ignore' flaw to DoSCVE-2025-49178 Published on June 17, 2025

Vulnerability Analysis

Timeline

Weakness Type

Improper Locking

Products Associated with CVE-2025-49178

Affected Versions

Exploit Probability

X Server 'bytes to ignore' flaw to DoS
CVE-2025-49178 Published on June 17, 2025