Use-After-Free Flaw in X.Org and Xwayland Affects Global Cursor Handling
CVE-2025-26594

7.8HIGH

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Vendor
CVE Published:
25 February 2025

What is CVE-2025-26594?

A use-after-free vulnerability exists in X.Org and Xwayland due to improper management of the root cursor as a global variable. When a client improperly frees the root cursor, it leads to references pointing to deallocated memory. This inconsistency could be exploited, potentially leading to unexpected behavior or security breaches. It is critical for users and administrators to audit their systems for this vulnerability to mitigate possible risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2025:2500
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2502
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2861
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.