Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26599

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Published

2025-02-25T16:15:39.163

Last Modified

2025-11-03T22:18:42.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-824
Type: Primary
CWE-824

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tigervnc	tigervnc	-	Yes
Application	x.org	x_server	< 21.1.16	Yes
Application	x.org	xwayland	< 24.1.6	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2025:2500 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2502 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2861 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2862 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2865 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2866 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2873 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2874 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2875 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2879 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2880 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:7163 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7165 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7458 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-26599 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2345253 Issue Tracking ([email protected])
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html (af854a3a-2127-422b-91ae-364da2661108)