High severity · 7.8 · NVD Advisory · Published Feb 25, 2025 · Updated Apr 6, 2026
CVE-2025-26598
Description
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
Affected products
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords (41 versions):
  - pkg:rpm/almalinux/tigervnc
  - pkg:rpm/almalinux/tigervnc-icons
  - pkg:rpm/almalinux/tigervnc-license
  - pkg:rpm/almalinux/tigervnc-selinux
  - pkg:rpm/almalinux/tigervnc-server
  - pkg:rpm/almalinux/tigervnc-server-minimal
  - pkg:rpm/almalinux/tigervnc-server-module
  - pkg:rpm/almalinux/xorg-x11-server-common
  - pkg:rpm/almalinux/xorg-x11-server-devel
  - pkg:rpm/almalinux/xorg-x11-server-source
  - pkg:rpm/almalinux/xorg-x11-server-Xdmx
  - pkg:rpm/almalinux/xorg-x11-server-Xephyr
  - pkg:rpm/almalinux/xorg-x11-server-Xnest
  - pkg:rpm/almalinux/xorg-x11-server-Xorg
  - pkg:rpm/almalinux/xorg-x11-server-Xvfb
  - pkg:rpm/almalinux/xorg-x11-server-Xwayland
  - pkg:rpm/almalinux/xorg-x11-server-Xwayland-devel
  - pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Proxy%204.3
  - pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Server%204.3
  - pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.14.1-1.el9_5.1
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 1.20.11-28.el9_6
- (no CPE)range: < 23.2.7-3.el9_6
- (no CPE)range: < 23.2.7-3.el9_6
- (no CPE)range: < 21.1.11-150600.5.6.1
- (no CPE)range: < 21.1.15-2.1
- (no CPE)range: < 24.1.1-150600.5.9.1
- (no CPE)range: < 24.1.5-2.1
- (no CPE)range: < 1.20.3-150200.22.5.102.1
- (no CPE)range: < 1.20.3-150200.22.5.102.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 21.1.4-150500.7.32.1
- (no CPE)range: < 21.1.4-150500.7.32.1
- (no CPE)range: < 21.1.11-150600.5.6.1
- (no CPE)range: < 21.1.11-150600.5.6.1
- (no CPE)range: < 1.19.6-10.80.1
- (no CPE)range: < 1.20.3-150200.22.5.102.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 21.1.4-150500.7.32.1
- (no CPE)range: < 1.20.3-150200.22.5.102.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 21.1.4-150500.7.32.1
- (no CPE)range: < 1.19.6-10.80.1
- (no CPE)range: < 1.20.3-150200.22.5.102.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 1.20.3-150400.38.54.1
- (no CPE)range: < 24.1.1-150600.5.9.1
References
- access.redhat.com/errata/RHSA-2025:2500 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2502 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2861 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2862 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2865 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2866 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2873 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2874 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2875 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2879 (nvd, Third Party Advisory)
- access.redhat.com/errata/RHSA-2025:2880 (nvd, Third Party Advisory)
- access.redhat.com/security/cve/CVE-2025-26598 (nvd, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd, Issue Tracking)
- access.redhat.com/errata/RHSA-2025:3976 (nvd)
- access.redhat.com/errata/RHSA-2025:7163 (nvd)
- access.redhat.com/errata/RHSA-2025:7165 (nvd)
- access.redhat.com/errata/RHSA-2025:7458 (nvd)
- lists.debian.org/debian-lts-announce/2025/02/msg00036.html (nvd)