A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
16 May 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 May 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 May 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 May 2025, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:* |
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* |
10 Apr 2025, 19:19
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://access.redhat.com/errata/RHSA-2025:2500 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2502 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2861 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2862 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2865 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2866 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2873 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2874 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2875 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2879 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:2880 - Third Party Advisory |
17 Mar 2025, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
17 Mar 2025, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
17 Mar 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
10 Mar 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
04 Mar 2025, 17:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://access.redhat.com/security/cve/CVE-2025-26601 - Third Party Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2345251 - Issue Tracking | |
| Summary |
|
|
| CPE | cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
|
| First Time |
Tigervnc tigervnc
Tigervnc X.org x Server X.org X.org xwayland Redhat Redhat enterprise Linux |
25 Feb 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-25 16:15
Updated : 2025-05-16 23:15
NVD link : CVE-2025-26601
Mitre link : CVE-2025-26601
CVE.ORG link : CVE-2025-26601
JSON object : View
Products Affected
tigervnc
- tigervnc
redhat
- enterprise_linux
x.org
- xwayland
- x_server
CWE
CWE-416
Use After Free