Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57419.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-57419
Upstream
Published
2025-02-25T16:15:38Z
Modified
2026-04-01T05:19:07.601920Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CVE-2025-26598 affecting package xorg-x11-server for versions less than 1.20.10-15
Details

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

References

Affected packages

Azure Linux:2 / xorg-x11-server

Package

Name
xorg-x11-server
Purl
pkg:rpm/azure-linux/xorg-x11-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.20.10-15

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57419.json"