CVE-2025-26598

Published Feb 25, 2025

Last updated 4 months ago

CVSS high 7.8

Overview

Description
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Source
secalert@redhat.com
NVD status
Modified
Products
tigervnc, x_server, xwayland, enterprise_linux

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-787
nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending

  1. ๐Ÿšจ CVE-2025-26598 ๐Ÿ”ด HIGH (7.8) ๐Ÿข Red Hat - Red Hat Enterprise Linux 6 ๐Ÿ—๏ธ None ๐Ÿ”— https://t.co/cyqWE5JODb ๐Ÿ”— https://t.co/BflCsj0d2h #CyberCron #VulnAlert @RedHat https://t.co/hWoEE46Hj5

    @cybercronai

    27 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-26598 An out-of-bounds write flaw was found in https://t.co/NfcYnrk5RQ and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the maโ€ฆ https://t.co/CRoJNkly63

    @CVEnew

    25 Feb 2025

    262 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.โ€ขCVE-2026-26104
  2. A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.โ€ขCVE-2026-26103
  3. A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.โ€ขCVE-2025-14512
  4. A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.โ€ขCVE-2025-14087
  5. A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).โ€ขCVE-2025-9784

References

Sources include official advisories and independent security research.