PT-2025-7893 · X.Org+12 · X.Org+12

Published

2024-11-27

·

Updated

2025-07-10

·

CVE-2025-26595

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org and Xwayland (affected versions not specified)
Description A buffer overflow flaw was found in the code of the XkbVModMaskText() function, which allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer without checking the bounds of the buffer.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Stack Overflow

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

ALSA-2025:2500
ALSA-2025:2502
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2025-3550
ALT-PU-2025-3552
AZL-57277
AZL-57378
AZL-57431
BDU:2025-04127
CESA-2025_2502
CVE-2025-26595
DLA-4072-1
DSA-5872-1
INFSA-2025_2500
INFSA-2025_2502
INFSA-2025_7163
INFSA-2025_7165
MGASA-2025-0086
OESA-2025-1256
OESA-2025-1429
OPENSUSE-SU-2025:14838-1
OPENSUSE-SU-2025:14841-1
OPENSUSE-SU-2025:14842-1
OPENSUSE-SU-2025_0729-1
OPENSUSE-SU-2025_0730-1
OPENSUSE-SU-2025_0731-1
OPENSUSE-SU-2025_0732-1
OPENSUSE-SU-2025_0758-1
RHSA-2025:2500
RHSA-2025:2502
RHSA-2025:2861
RHSA-2025:2862
RHSA-2025:2865
RHSA-2025:2866
RHSA-2025:2873
RHSA-2025:2874
RHSA-2025:2875
RHSA-2025:2879
RHSA-2025:2880
RHSA-2025:3976
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_2500
RHSA-2025_2502
RHSA-2025_7163
RHSA-2025_7165
ROSA-SA-2025-2870
ROSA-SA-2025-2871
SUSE-SU-2025:0729-1
SUSE-SU-2025:0730-1
SUSE-SU-2025:0731-1
SUSE-SU-2025:0732-1
SUSE-SU-2025:0733-1
SUSE-SU-2025:0734-1
SUSE-SU-2025:0758-1
SUSE-SU-2025:0818-1
SUSE-SU-2025_0758-1
SUSE-SU-2025_0818-1
USN-7299-1
USN-7299-2
USN-7299-3
USN-7299-4
ZDI-25-142

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org
Xwayland