Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

Published

2025-02-25T16:15:39.537

Last Modified

2025-05-16T23:15:20.047

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-416
Type: Primary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tigervnc	tigervnc	-	Yes
Application	x.org	x_server	< 21.1.16	Yes
Application	x.org	xwayland	< 24.1.6	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2025:2500 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2502 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2861 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2862 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2865 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2866 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2873 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2874 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2875 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2879 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:2880 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:7163 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7165 ([email protected])
https://access.redhat.com/errata/RHSA-2025:7458 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-26601 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2345251 Issue Tracking ([email protected])
https://security.netapp.com/advisory/ntap-20250516-0004/ (af854a3a-2127-422b-91ae-364da2661108)