AZL-57411

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57411.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-57411

Upstream

CVE-2025-26601

Published

2025-02-25T16:15:39Z

Modified

2026-04-01T05:19:07.731506Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2025-26601 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-1

Details

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26601

Affected packages

Azure Linux:3 / xorg-x11-server-Xwayland

Package

Name: xorg-x11-server-Xwayland
Purl: pkg:rpm/azure-linux/xorg-x11-server-Xwayland

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57411.json"