High severity7.8NVD Advisory· Published Feb 25, 2025· Updated Apr 6, 2026
CVE-2025-26599
CVE-2025-26599
Description
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Affected products
6cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- access.redhat.com/errata/RHSA-2025:2500nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2502nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2861nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2862nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2865nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2866nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2873nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2874nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2875nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2879nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2880nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2025-26599nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- access.redhat.com/errata/RHSA-2025:3976nvd
- access.redhat.com/errata/RHSA-2025:7163nvd
- access.redhat.com/errata/RHSA-2025:7165nvd
- access.redhat.com/errata/RHSA-2025:7458nvd
- lists.debian.org/debian-lts-announce/2025/02/msg00036.htmlnvd
News mentions
0No linked articles in our index yet.