Description

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

INFO

Published Date :

2025-02-25T15:55:36.775Z

Last Modified :

2026-04-06T12:53:35.517Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-26601 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
Tigervnc
  • Tigervnc
X.org
  • X Server
  • Xwayland
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26601.

URL Resource
https://access.redhat.com/errata/RHSA-2025:2500 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2502 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2862 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2873 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2874 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2875 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2879 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2880 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3976 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7163 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7165 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7458 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-26601 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2345251 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-26601 cve-icon
https://security.netapp.com/advisory/ntap-20250516-0004/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-26601 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact