CVE-2025-26599

high

Description

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2345253

https://access.redhat.com/security/cve/CVE-2025-26599

https://access.redhat.com/errata/RHSA-2025:2880

https://access.redhat.com/errata/RHSA-2025:2879

https://access.redhat.com/errata/RHSA-2025:2875

https://access.redhat.com/errata/RHSA-2025:2874

https://access.redhat.com/errata/RHSA-2025:2873

https://access.redhat.com/errata/RHSA-2025:2866

https://access.redhat.com/errata/RHSA-2025:2865

https://access.redhat.com/errata/RHSA-2025:2862

https://access.redhat.com/errata/RHSA-2025:2861

https://access.redhat.com/errata/RHSA-2025:2502

https://access.redhat.com/errata/RHSA-2025:2500

Details

Source: Mitre, NVD

Published: 2025-02-25

Updated: 2025-04-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High