CVE-2025-26595 — Stack-based Buffer Overflow in Xwayland

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write11 documents9 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org Xwayland X.org X Server +1 more

Timeline

PublishedFeb 25

Latest updateMar 17

Description

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDx.org/xwayland< 24.1.6

▶Debianx.org/xwayland< 2:24.1.6-1+1

▶NVDx.org/x_server< 21.1.16

▶Debianx.org/xorg-server< 2:1.20.11-1+deb11u15+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

CVEList

Xorg: xwayland: buffer overflow in xkbvmodmasktext()↗2025-02-25

▶

GHSA

GHSA-hp9r-wcfh-72pr: A buffer overflow flaw was found in X↗2025-02-25

▶

OSV

CVE-2025-26595: A buffer overflow flaw was found in X↗2025-02-25

▶

📋Vendor Advisories

Ubuntu

X.Org X Server regression↗2025-03-17

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-03-10

▶

Red Hat

Xorg: xwayland: Buffer overflow in XkbVModMaskText()↗2025-02-25

▶

BSD

OpenBSD 7.5 Errata 018: SECURITY FIX↗2025-02-25

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-02-25

▶