AZL-57378

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57378.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-57378

Upstream

CVE-2025-26595

Published

2025-02-25T16:15:38Z

Modified

2026-04-01T05:19:47.927402Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-26595 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-1

Details

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26595

Affected packages

Azure Linux:3 / xorg-x11-server-Xwayland

Package

Name: xorg-x11-server-Xwayland
Purl: pkg:rpm/azure-linux/xorg-x11-server-Xwayland

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57378.json"