Description

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

INFO

Published Date :

2025-02-25T15:54:57.355Z

Last Modified :

2026-04-06T12:53:25.158Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-26598 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
Tigervnc
  • Tigervnc
X.org
  • X Server
  • Xwayland
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26598.

URL Resource
https://access.redhat.com/errata/RHSA-2025:2500 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2502 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2862 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2873 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2874 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2875 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2879 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2880 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3976 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7163 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7165 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7458 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-26598 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2345254 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-26598 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-26598 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact