Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57327.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-57327
Upstream
Published
2025-02-25T16:15:38Z
Modified
2026-04-01T05:19:06.132305Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CVE-2025-26598 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-1
Details

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

References

Affected packages

Azure Linux:3 / xorg-x11-server-Xwayland

Package

Name
xorg-x11-server-Xwayland
Purl
pkg:rpm/azure-linux/xorg-x11-server-Xwayland

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.1.6-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57327.json"