Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-26601

Опубликовано: 25 фев. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
Версия до 21.1.16 (исключая)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
Версия до 24.1.6 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00025
Низкий

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2025-26601

CVSS3: 7.8
ubuntu
4 месяца назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

redhat логотип

CVE-2025-26601

CVSS3: 7.8
redhat
4 месяца назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

msrc логотип

CVE-2025-26601

CVSS3: 7.8
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2025-26601

CVSS3: 7.8
debian
4 месяца назад

A use-after-free flaw was found in X.Org and Xwayland. When changing a ...

github логотип

GHSA-gf8x-6jh7-3mjv

CVSS3: 7.8
github
4 месяца назад

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

EPSS

Процентиль: 5%
0.00025
Низкий

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416