CVE-2025-26601

High

Description

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2345251

https://access.redhat.com/security/cve/CVE-2025-26601

https://access.redhat.com/errata/RHSA-2025:2880

https://access.redhat.com/errata/RHSA-2025:2879

https://access.redhat.com/errata/RHSA-2025:2875

https://access.redhat.com/errata/RHSA-2025:2874

https://access.redhat.com/errata/RHSA-2025:2873

https://access.redhat.com/errata/RHSA-2025:2866

https://access.redhat.com/errata/RHSA-2025:2865

https://access.redhat.com/errata/RHSA-2025:2862

https://access.redhat.com/errata/RHSA-2025:2861

https://access.redhat.com/errata/RHSA-2025:2502

https://access.redhat.com/errata/RHSA-2025:2500

Details

Source: Mitre, NVD

Published: 2025-02-25

Updated: 2025-03-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High