A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
https://bugzilla.redhat.com/show_bug.cgi?id=2345248
https://access.redhat.com/security/cve/CVE-2025-26594
https://access.redhat.com/errata/RHSA-2025:2880
https://access.redhat.com/errata/RHSA-2025:2879
https://access.redhat.com/errata/RHSA-2025:2875
https://access.redhat.com/errata/RHSA-2025:2874
https://access.redhat.com/errata/RHSA-2025:2873
https://access.redhat.com/errata/RHSA-2025:2866
https://access.redhat.com/errata/RHSA-2025:2865
https://access.redhat.com/errata/RHSA-2025:2862
https://access.redhat.com/errata/RHSA-2025:2861