PT-2025-7898 · X.Org+12 · X.Org+12

Published

2025-02-25

·

Updated

2025-07-10

·

CVE-2025-26600

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org and Xwayland (affected versions not specified)
Description A use-after-free flaw was found in the software. This issue occurs when a device is removed while still frozen, causing events queued for that device to remain after the device is freed. Replaying these events results in a use-after-free.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:2500
ALSA-2025:2502
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2025-3550
ALT-PU-2025-3552
AZL-57274
AZL-57390
AZL-57468
BDU:2025-04531
CESA-2025_2502
CVE-2025-26600
DLA-4072-1
DSA-5872-1
INFSA-2025_2500
INFSA-2025_2502
INFSA-2025_7163
INFSA-2025_7165
MGASA-2025-0086
OESA-2025-1429
OPENSUSE-SU-2025:14841-1
OPENSUSE-SU-2025:14842-1
OPENSUSE-SU-2025_0729-1
OPENSUSE-SU-2025_0730-1
OPENSUSE-SU-2025_0731-1
OPENSUSE-SU-2025_0732-1
RHSA-2025:2500
RHSA-2025:2502
RHSA-2025:2861
RHSA-2025:2862
RHSA-2025:2865
RHSA-2025:2866
RHSA-2025:2873
RHSA-2025:2874
RHSA-2025:2875
RHSA-2025:2879
RHSA-2025:2880
RHSA-2025:3976
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_2500
RHSA-2025_2502
RHSA-2025_7163
RHSA-2025_7165
ROSA-SA-2025-2870
ROSA-SA-2025-2871
SUSE-SU-2025:0729-1
SUSE-SU-2025:0730-1
SUSE-SU-2025:0731-1
SUSE-SU-2025:0732-1
SUSE-SU-2025:0733-1
SUSE-SU-2025:0734-1
USN-7299-1
USN-7299-2
USN-7299-3
USN-7299-4
ZDI-25-137

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org
Xwayland