CVE-2025-26598

CWE-787 — Out-of-bounds Write11 documents9 sources

Severity

7.8HIGH

EPSS

0.0%

top 93.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org X Server X.org Xwayland Redhat Enterprise Linux

Timeline

PublishedFeb 25

Latest updateMar 17

Description

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDx.org/xwayland< 24.1.6

▶Debianxwayland< 2:24.1.6-1+1

▶NVDx.org/x_server< 21.1.16

▶Debianxorg-server< 2:1.20.11-1+deb11u15+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

CVEList

Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()↗2025-02-25

▶

GHSA

GHSA-c28h-3w95-v6xg: An out-of-bounds write flaw was found in X↗2025-02-25

▶

OSV

CVE-2025-26598: An out-of-bounds write flaw was found in X↗2025-02-25

▶

📋Vendor Advisories

Ubuntu

X.Org X Server regression↗2025-03-17

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-03-10

▶

BSD

OpenBSD 7.5 Errata 018: SECURITY FIX↗2025-02-25

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-02-25

▶

Red Hat

xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()↗2025-02-25

▶