CVE-2025-26598

Published Feb 25, 2025

Last updated 18 days ago

CVSS high 7.8

Overview

Description
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Source
secalert@redhat.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-787

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-26598 🔴 HIGH (7.8) 🏢 Red Hat - Red Hat Enterprise Linux 6 🏗️ None 🔗 https://t.co/cyqWE5JODb 🔗 https://t.co/BflCsj0d2h #CyberCron #VulnAlert @RedHat https://t.co/hWoEE46Hj5

    @cybercronai

    27 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-26598 An out-of-bounds write flaw was found in https://t.co/NfcYnrk5RQ and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the ma… https://t.co/CRoJNkly63

    @CVEnew

    25 Feb 2025

    262 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References