PT-2025-7897 · X.Org+12

Published: 2025-02-25 · Updated: 2025-07-10 · CVE-2025-26599

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: X.Org and Xwayland (affected versions not specified)
Description: The function compCheckRedirect() may fail to allocate the backing pixmap, which leads to a BadAlloc error. That error is returned without validating the window tree that was marked just before, so the validation data is left partly initialized and an uninitialized pointer may be used later.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

ALSA-2025:2500
ALSA-2025:2502
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2025-3550
ALT-PU-2025-3552
AZL-57298
AZL-57318
AZL-57446
BDU:2025-04530
CESA-2025_2502
CVE-2025-26599
DLA-4072-1
DSA-5872-1
INFSA-2025_2500
INFSA-2025_2502
INFSA-2025_7163
INFSA-2025_7165
MGASA-2025-0086
OESA-2025-1429
OPENSUSE-SU-2025:14841-1
OPENSUSE-SU-2025:14842-1
OPENSUSE-SU-2025_0729-1
OPENSUSE-SU-2025_0730-1
OPENSUSE-SU-2025_0731-1
OPENSUSE-SU-2025_0732-1
RHSA-2025:2500
RHSA-2025:2502
RHSA-2025:2861
RHSA-2025:2862
RHSA-2025:2865
RHSA-2025:2866
RHSA-2025:2873
RHSA-2025:2874
RHSA-2025:2875
RHSA-2025:2879
RHSA-2025:2880
RHSA-2025:3976
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_2500
RHSA-2025_2502
RHSA-2025_7163
RHSA-2025_7165
ROSA-SA-2025-2870
ROSA-SA-2025-2871
SUSE-SU-2025:0729-1
SUSE-SU-2025:0730-1
SUSE-SU-2025:0731-1
SUSE-SU-2025:0732-1
SUSE-SU-2025:0733-1
SUSE-SU-2025:0734-1
USN-7299-1
USN-7299-2
USN-7299-3
USN-7299-4
ZDI-25-138

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org
Xwayland