Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-26601

Опубликовано: 25 фев. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
Версия до 21.1.16 (исключая)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
Версия до 24.1.6 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%
0.00058
Низкий

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2025-26601

CVSS3: 7.8
ubuntu
около 1 года назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

redhat логотип

CVE-2025-26601

CVSS3: 7.8
redhat
около 1 года назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

msrc логотип

CVE-2025-26601

CVSS3: 7.8
msrc
около 1 месяца назад

Xorg: xwayland: use-after-free in syncinittrigger()

debian логотип

CVE-2025-26601

CVSS3: 7.8
debian
около 1 года назад

A use-after-free flaw was found in X.Org and Xwayland. When changing a ...

github логотип

GHSA-gf8x-6jh7-3mjv

CVSS3: 7.8
github
около 1 года назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

EPSS

Процентиль: 18%
0.00058
Низкий

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416