CVE-2025-26595

Name
CVE-2025-26595
Description
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-26595
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2345257
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2500
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2502
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2862
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2865
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2874
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2875
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2861
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2866
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2873
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2879
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2880
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7163
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7165
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7458

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 < 21.1.16
shopxo >= 22.0.0 < 24.1.6
cpe:/o:redhat:enterprise_linux:10.0 shopxo >= 0:24.1.5-3.el10_0 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.8.0-36.el7_9 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.20.4-30.el7_9 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.13.1-15.el8_10 < *
cpe:/a:redhat:rhel_aus:8.2::appstream shopxo >= 0:1.9.0-15.el8_2.13 < *
cpe:/a:redhat:rhel_aus:8.4::appstream shopxo >= 0:1.11.0-8.el8_4.12 < *
cpe:/a:redhat:rhel_tus:8.6::appstream shopxo >= 0:1.12.0-6.el8_6.13 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 0:1.12.0-15.el8_8.12 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.14.1-1.el9_5.1 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:1.20.11-28.el9_6 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:23.2.7-3.el9_6 < *
cpe:/a:redhat:rhel_e4s:9.0::appstream shopxo >= 0:1.11.0-22.el9_0.13 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:1.12.0-14.el9_2.10 < *
cpe:/a:redhat:rhel_eus:9.4::appstream shopxo >= 0:1.13.1-8.el9_4.5 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xwayland edge-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland 3.22-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland 3.21-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server edge-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.22-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.21-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed