fkie_cve-2025-26598
Vulnerability from fkie_nvd
Published
2025-02-25 16:15
Modified
2025-03-17 05:15
Severity ?
Summary
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tigervnc | tigervnc | - | |
| x.org | x_server | - | |
| x.org | xwayland | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*", matchCriteriaId: "79A8316C-BA22-441E-92AF-415AFABCEB76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*", matchCriteriaId: "858025BB-24A3-42C3-B157-486862B37124", vulnerable: true, }, { criteria: "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*", matchCriteriaId: "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.", }, { lang: "es", value: "Se encontró una falla de escritura fuera de los límites en X.Org y Xwayland. La función GetBarrierDevice() busca el dispositivo puntero en función de su ID de dispositivo y devuelve el valor coincidente, o supuestamente NULL, si no se encuentra ninguna coincidencia. Sin embargo, el código devolverá el último elemento de la lista si no se encuentra ninguna ID de dispositivo coincidente, lo que puede provocar un acceso a la memoria fuera de los límites.", }, ], id: "CVE-2025-26598", lastModified: "2025-03-17T05:15:35.573", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], }, published: "2025-02-25T16:15:38.977", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2500", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2502", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2861", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2862", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2865", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2866", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2873", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2874", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2875", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2879", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2025:2880", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2025-26598", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2345254", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.