CVE-2025-26600

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-26600
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:2500 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2502 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2861 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2862 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2865 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2866 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2873 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2874 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2875 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2879 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2880 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-26600 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345252 Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

10 Apr 2025, 20:24

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2025:2500 - () https://access.redhat.com/errata/RHSA-2025:2500 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2502 - () https://access.redhat.com/errata/RHSA-2025:2502 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2861 - () https://access.redhat.com/errata/RHSA-2025:2861 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2862 - () https://access.redhat.com/errata/RHSA-2025:2862 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2865 - () https://access.redhat.com/errata/RHSA-2025:2865 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2866 - () https://access.redhat.com/errata/RHSA-2025:2866 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2873 - () https://access.redhat.com/errata/RHSA-2025:2873 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2874 - () https://access.redhat.com/errata/RHSA-2025:2874 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2875 - () https://access.redhat.com/errata/RHSA-2025:2875 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2879 - () https://access.redhat.com/errata/RHSA-2025:2879 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:2880 - () https://access.redhat.com/errata/RHSA-2025:2880 - Third Party Advisory

17 Mar 2025, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2861 -
  • () https://access.redhat.com/errata/RHSA-2025:2866 -
  • () https://access.redhat.com/errata/RHSA-2025:2873 -
  • () https://access.redhat.com/errata/RHSA-2025:2879 -
  • () https://access.redhat.com/errata/RHSA-2025:2880 -

17 Mar 2025, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2865 -
  • () https://access.redhat.com/errata/RHSA-2025:2874 -
  • () https://access.redhat.com/errata/RHSA-2025:2875 -

17 Mar 2025, 02:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2862 -

10 Mar 2025, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:2500 -
  • () https://access.redhat.com/errata/RHSA-2025:2502 -

04 Mar 2025, 17:22

Type Values Removed Values Added
First Time Redhat enterprise Linux
Tigervnc tigervnc
Tigervnc
X.org
Redhat
X.org x Server
X.org xwayland
CPE cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2025-26600 - () https://access.redhat.com/security/cve/CVE-2025-26600 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2345252 - () https://bugzilla.redhat.com/show_bug.cgi?id=2345252 - Issue Tracking
Summary
  • (es) Se encontró una falla de use-after-free en X.Org y Xwayland. Cuando se elimina un dispositivo mientras aún está congelado, los eventos en cola para ese dispositivo permanecen mientras se libera el dispositivo. La reproducción de los eventos provocará un use-after-free.

25 Feb 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-25 16:15

Updated : 2025-04-10 20:24

NVD link : CVE-2025-26600

Mitre link : CVE-2025-26600

CVE.ORG link : CVE-2025-26600

JSON object : View

Products Affected

x.org

  • xwayland
  • x_server

tigervnc

  • tigervnc

redhat

  • enterprise_linux
CWE
CWE-416

Use After Free