Use-After-Free Vulnerability in X.Org and Xwayland Software
CVE-2025-26601

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 25 February 2025

Summary

A use-after-free flaw exists within the X.Org and Xwayland software. This vulnerability arises during the process of changing alarm settings, where change mask values are incrementally evaluated. If an error occurs during this evaluation, the function exits prematurely, failing to create the necessary new sync object. As a consequence, a scenario may occur where the alarm fires improperly, leading to potential memory access violations and unexpected behavior, which can severely compromise system stability and security.

References

https://access.redhat.com/security/cve/CVE-2025-26601

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2345251

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 12, 2025