High severity7.8NVD Advisory· Published Feb 25, 2025· Updated Apr 6, 2026
CVE-2025-26601
CVE-2025-26601
Description
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Affected products
6cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- access.redhat.com/errata/RHSA-2025:2500nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2502nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2861nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2862nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2865nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2866nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2873nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2874nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2875nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2879nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2025:2880nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2025-26601nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- access.redhat.com/errata/RHSA-2025:3976nvd
- access.redhat.com/errata/RHSA-2025:7163nvd
- access.redhat.com/errata/RHSA-2025:7165nvd
- access.redhat.com/errata/RHSA-2025:7458nvd
- lists.debian.org/debian-lts-announce/2025/02/msg00036.htmlnvd
- security.netapp.com/advisory/ntap-20250516-0004/nvd
News mentions
0No linked articles in our index yet.