- Description: A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
- Source: secalert@redhat.com
- NVD status: Modified
CVSS 3.1
- Type: Secondary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- secalert@redhat.com: CWE-416
- Hype score: Not currently trending
⚠️ Vulnerability Alert: https://t.co/IZWDGODegB Server SyncInitTrigger Use-After-Free Local Privilege Escalation Vulnerability 📅 Timeline: Disclosure: 2025-02-25 | Patch Release: Pending 📌 Attribution: Not specified 🆔 cveId: CVE-2025-26601 📊 baseScore: 7.8 📏 cvssMetrics:… ht
@syedaquib77
13 Mar 2025
🚨 CVE-2025-26601 🔴 HIGH (7.8) 🏢 Red Hat - Red Hat Enterprise Linux 6 🏗️ None 🔗 https://t.co/CbH50K6vn2 🔗 https://t.co/1mvqhGF57J #CyberCron #VulnAlert @RedHat https://t.co/bi10ZCYuX1
@cybercronai
27 Feb 2025
🚨 CVE-2025-26601 - https://t.co/Ni6wH8uSXJ and Xwayland - HIGH 🚨 🗓️ Date published 2025-02-25 16:15:39 UTC #X.OrgandXwayland #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Au1Xpy2Jqb
@vulns_space
25 Feb 2025
CVE-2025-26601 A use-after-free flaw was found in https://t.co/NfcYnrk5RQ and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger v… https://t.co/gr2H1fDJYK
@CVEnew
25 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124"
          },
          {
            "criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]