CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26598: Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()

Description

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

Classification

CVE ID: CVE-2025-26598

Problem Types

Out-of-bounds Write

Affected Products

Vendor: Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat

Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.54% (scored less or equal to compared to others)

EPSS Date: 2025-03-26 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://access.redhat.com/security/cve/CVE-2025-26598
https://bugzilla.redhat.com/show_bug.cgi?id=2345254

Timeline

2025-02-25 16:40:13 UTC
CVE

Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
2025-03-11 11:45:22 UTC
Tenable Plugins

CBL Mariner 2.0 Security Update: xorg-x11-server (CVE-2025-26598)