Detections
Analytics
AIX : Multiple Vulnerabilities (IJ57128)
high Nessus Plugin ID 299694
Synopsis
The remote AIX host is missing a security patch.Description
The version of AIX installed on the remote host is prior to APAR IJ57128. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ57128 advisory.- A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
(CVE-2025-62231)
- A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. (CVE-2025-62230)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Please apply the appropriate interim fix per APAR IJ57128.See Also
Plugin Details
Severity: High
ID: 299694
File Name: aix_IJ57128.nasl
Version: 1.1
Type: local
Family: AIX Local Security Checks
Published: 2/20/2026
Updated: 2/20/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-62231
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version
Exploit Ease: No known exploits are available
Patch Publication Date: 2/19/2026
Vulnerability Publication Date: 10/29/2025
Reference Information
CVE: CVE-2025-62230, CVE-2025-62231