CVE-2025-26601

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-26601

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26601.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-26601

Downstream

AZL-57295

AZL-57411

AZL-57482

BELL-CVE-2025-26601

DEBIAN-CVE-2025-26601

DLA-4072-1

DSA-5872-1

MGASA-2025-0086

OESA-2025-1429

RHSA-2025:2500

RHSA-2025:2502

RHSA-2025:2861

RHSA-2025:2862

RHSA-2025:2865

RHSA-2025:2866

RHSA-2025:2873

RHSA-2025:2874

RHSA-2025:2875

RHSA-2025:2879

RHSA-2025:2880

RHSA-2025:3976

RHSA-2025:7163

RHSA-2025:7165

RHSA-2025:7458

RLSA-2025:2500

RLSA-2025:2502

RLSA-2025:7163

RLSA-2025:7165

RLSA-2025:7458

SUSE-SU-2025:0729-1

SUSE-SU-2025:0730-1

SUSE-SU-2025:0731-1

SUSE-SU-2025:0732-1

SUSE-SU-2025:0733-1

SUSE-SU-2025:0734-1

UBUNTU-CVE-2025-26601

USN-7299-1

USN-7299-2

USN-7299-4

openSUSE-SU-2025:14841-1

openSUSE-SU-2025:14842-1

Related

Published

2025-02-25T15:55:36.775Z

Modified

2026-05-15T11:53:31.985117549Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Xorg: xwayland: use-after-free in syncinittrigger()

Details

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

Database specific

{
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/26xxx/CVE-2025-26601.json",
    "cna_assigner": "redhat"
}

References

Affected packages