CVE-2025-26594

Name
CVE-2025-26594
Description
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-26594
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2345248
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2500
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2502
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2862
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2865
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2874
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2875
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2861
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2866
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2873
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2879
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:2880
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7163
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7165
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:7458

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:* tigervnc == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xorg-server edge-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland edge-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server 3.21-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xwayland 3.21-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed