PT-2025-7899 · X.Org+12 · X.Org+12

Published

2025-02-25

·

Updated

2025-07-10

·

CVE-2025-26601

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org and Xwayland (affected versions not specified)
Description A use-after-free flaw was found in the software. The issue occurs when changing an alarm, where the values of the change mask are evaluated one after the other. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:2500
ALSA-2025:2502
ALSA-2025:7163
ALSA-2025:7165
ALT-PU-2025-3550
ALT-PU-2025-3552
AZL-57295
AZL-57411
AZL-57482
BDU:2025-04569
CESA-2025_2502
CVE-2025-26601
DLA-4072-1
DSA-5872-1
INFSA-2025_2500
INFSA-2025_2502
INFSA-2025_7163
INFSA-2025_7165
MGASA-2025-0086
OESA-2025-1429
OPENSUSE-SU-2025:14841-1
OPENSUSE-SU-2025:14842-1
OPENSUSE-SU-2025_0729-1
OPENSUSE-SU-2025_0730-1
OPENSUSE-SU-2025_0731-1
OPENSUSE-SU-2025_0732-1
RHSA-2025:2500
RHSA-2025:2502
RHSA-2025:2861
RHSA-2025:2862
RHSA-2025:2865
RHSA-2025:2866
RHSA-2025:2873
RHSA-2025:2874
RHSA-2025:2875
RHSA-2025:2879
RHSA-2025:2880
RHSA-2025:3976
RHSA-2025:7163
RHSA-2025:7165
RHSA-2025:7458
RHSA-2025_2500
RHSA-2025_2502
RHSA-2025_7163
RHSA-2025_7165
ROSA-SA-2025-2870
ROSA-SA-2025-2871
SUSE-SU-2025:0729-1
SUSE-SU-2025:0730-1
SUSE-SU-2025:0731-1
SUSE-SU-2025:0732-1
SUSE-SU-2025:0733-1
SUSE-SU-2025:0734-1
USN-7299-1
USN-7299-2
USN-7299-3
USN-7299-4
ZDI-25-136

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
X.Org
Xwayland