CVE-2025-26599

Name
CVE-2025-26599
Description
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-26599
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2345253
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2500
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2502
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2862
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2865
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2874
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2875
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2861
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2866
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2873
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2879
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2880
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7163
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7165
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7458
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:3976
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 < 21.1.16
shopxo >= 22.0.0 < 24.1.6
cpe:/o:redhat:enterprise_linux:10.0 shopxo >= 0:24.1.5-3.el10_0 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.8.0-36.el7_9 < *
cpe:/o:redhat:rhel_els:7 shopxo >= 0:1.20.4-30.el7_9 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.13.1-15.el8_10 < *
cpe:/a:redhat:rhel_aus:8.2::appstream shopxo >= 0:1.9.0-15.el8_2.13 < *
cpe:/a:redhat:rhel_tus:8.4::appstream shopxo >= 0:1.11.0-8.el8_4.12 < *
cpe:/a:redhat:rhel_tus:8.6::appstream shopxo >= 0:1.12.0-6.el8_6.13 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 0:1.12.0-15.el8_8.12 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.14.1-1.el9_5.1 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.20.11-28.el9_6 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:23.2.7-3.el9_6 < *
cpe:/a:redhat:rhel_e4s:9.0::appstream shopxo >= 0:1.11.0-22.el9_0.13 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:1.12.0-14.el9_2.10 < *
cpe:/a:redhat:rhel_eus:9.4::appstream shopxo >= 0:1.13.1-8.el9_4.5 < *
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:* tigervnc == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xwayland edge-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland 3.22-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xwayland 3.21-community 24.1.6-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
xorg-server edge-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.22-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.21-community 21.1.16-r0 Natanael Copa <ncopa@alpinelinux.org> fixed