Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26601

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Xorg: xwayland: use-after-free in syncinittrigger()

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

References

https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20250516-0004/
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20250516-0004/
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
https://security.netapp.com/advisory/ntap-20250516-0004/
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20250516-0004/
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26601 x_refsource_REDHAT vdb-entry
RHBZ#2345251 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
https://security.netapp.com/advisory/ntap-20250516-0004/
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Affected products

xserver

<21.1.16
<24.1.6

tigervnc

xorg-x11-server

xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable -
- nixpkgs-unstable 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc