CVE-2025-26599 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-26599

CVE-2025-26599

February 25, 2025

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Related Resources (19)

https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8bedb90b039dc0f70ae69daf047ff9598

https://access.redhat.com/errata/RHSA-2025:2875

https://access.redhat.com/errata/RHSA-2025:2879

https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84bef2569b4ba4be59323cf575d1798ba9be

https://access.redhat.com/errata/RHSA-2025:2873

https://access.redhat.com/errata/RHSA-2025:2874

https://access.redhat.com/errata/RHSA-2025:7165

https://access.redhat.com/errata/RHSA-2025:7163

https://access.redhat.com/errata/RHSA-2025:2865

https://access.redhat.com/security/cve/CVE-2025-26599