Vulnerability CVE-2025-26598: Information

Description

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

Severity: HIGH (7.8)

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26598

Published: Feb. 25, 2025

Modified: April 6, 2026

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
tigervnc	sisyphus	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8622-1	419847	Fixed
tigervnc	p11	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8624-2	419848	Fixed
tigervnc	c10f2	1.16.2-alt2	1.16.2-alt2	ALT-PU-2026-8643-3	419936	Fixed
tigervnc	c9f2	1.16.2-alt2	1.13.1-alt2	ALT-PU-2026-8744-2	420235	Testing
xorg-server	sisyphus	21.1.16-alt1	21.1.23-alt1	ALT-PU-2025-16667-1	376103	Fixed
xorg-server	p11	21.1.16-alt1	21.1.22-alt1	ALT-PU-2025-16471-1	376131	Fixed
xorg-server	p10	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3550-3	376143	Fixed
xorg-server	p10_e2k	1.20.14-alt15.E2K.1	1.20.14-alt19.E2K.1	ALT-PU-2025-4776-1	-	Fixed
xorg-server	c10f2	1.20.14-alt15	1.20.14-alt19	ALT-PU-2025-3653-4	376349	Fixed
xorg-xwayland	sisyphus	24.1.6-alt1	24.1.12-alt1	ALT-PU-2025-16899-1	376103	Fixed
xorg-xwayland	p11	24.1.6-alt1	24.1.10-alt1	ALT-PU-2025-16475-1	376131	Fixed
xorg-xwayland	p10	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3552-3	376143	Fixed
xorg-xwayland	p10_e2k	23.1.1-alt9	23.1.1-alt11	ALT-PU-2025-13005-1	-	Fixed
xorg-xwayland	c10f2	23.1.1-alt7	23.1.1-alt11	ALT-PU-2025-3655-4	376349	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://access.redhat.com/errata/RHSA-2025:2500	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2502	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2861	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2862	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2865	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2866	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2873	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2874	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2875	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2879	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2880	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:3976
https://access.redhat.com/errata/RHSA-2025:7163
https://access.redhat.com/errata/RHSA-2025:7165
https://access.redhat.com/errata/RHSA-2025:7458
https://access.redhat.com/security/cve/CVE-2025-26598	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345254	Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
BDU:2025-03976	BDU

Affected configurations:
1. cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
  cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
  End excluding
  21.1.16
  cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
  End excluding
  24.1.6
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Version: v26.6.1