Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26598

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()

An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.

References

https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html
RHSA-2025:2500 x_refsource_REDHAT vendor-advisory
RHSA-2025:2502 x_refsource_REDHAT vendor-advisory
RHSA-2025:2861 x_refsource_REDHAT vendor-advisory
RHSA-2025:2862 x_refsource_REDHAT vendor-advisory
RHSA-2025:2865 x_refsource_REDHAT vendor-advisory
RHSA-2025:2866 x_refsource_REDHAT vendor-advisory
RHSA-2025:2873 x_refsource_REDHAT vendor-advisory
RHSA-2025:2874 x_refsource_REDHAT vendor-advisory
RHSA-2025:2875 x_refsource_REDHAT vendor-advisory
RHSA-2025:2879 x_refsource_REDHAT vendor-advisory
RHSA-2025:2880 x_refsource_REDHAT vendor-advisory
RHSA-2025:7163 x_refsource_REDHAT vendor-advisory
RHSA-2025:7165 x_refsource_REDHAT vendor-advisory
RHSA-2025:7458 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-26598 x_refsource_REDHAT vdb-entry
RHBZ#2345254 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Affected products

xserver

<21.1.16
<24.1.6

tigervnc

xorg-x11-server

xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable -
- nixpkgs-unstable 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc