{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26598", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-02-12T14:12:22.796Z", "datePublished": "2025-02-25T15:54:57.355Z", "dateUpdated": "2025-03-10T12:51:25.088Z"}, "containers": {"cna": {"title": "Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.13.1-15.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.14.1-1.el9_5.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:2500", "name": "RHSA-2025:2500", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2502", "name": "RHSA-2025:2502", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-26598", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254", "name": "RHBZ#2345254", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-25T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-787: Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-02-12T14:15:01.664000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-25T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-10T12:51:25.088Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T16:24:04.385893Z", "id": "CVE-2025-26598", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T16:24:43.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26598", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-25T16:24:04.385893Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T16:24:39.570Z"}}], "cna": {"title": "Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.13.1-15.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.14.1-1.el9_5.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-02-12T14:15:01.664000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-25T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-02-25T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:2500", "name": "RHSA-2025:2500", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2502", "name": "RHSA-2025:2502", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-26598", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254", "name": "RHBZ#2345254", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-10T12:51:25.088Z"}, "x_redhatCweChain": "CWE-787: Out-of-bounds Write"}}, "cveMetadata": {"cveId": "CVE-2025-26598", "state": "PUBLISHED", "dateUpdated": "2025-03-10T12:51:25.088Z", "dateReserved": "2025-02-12T14:12:22.796Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-02-25T15:54:57.355Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A8316C-BA22-441E-92AF-415AFABCEB76", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "858025BB-24A3-42C3-B157-486862B37124", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*", "matchCriteriaId": "698FAFE9-BC9C-4ACF-8884-A18135EB2AA0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de escritura fuera de los l\u00edmites en X.Org y Xwayland. La funci\u00f3n GetBarrierDevice() busca el dispositivo puntero en funci\u00f3n de su ID de dispositivo y devuelve el valor coincidente, o supuestamente NULL, si no se encuentra ninguna coincidencia. Sin embargo, el c\u00f3digo devolver\u00e1 el \u00faltimo elemento de la lista si no se encuentra ninguna ID de dispositivo coincidente, lo que puede provocar un acceso a la memoria fuera de los l\u00edmites."}], "id": "CVE-2025-26598", "lastModified": "2025-03-10T13:15:35.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-02-25T16:15:38.977", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2500"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2502"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2025-26598"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2502", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tigervnc-0:1.13.1-15.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2500", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tigervnc-0:1.14.1-1.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-10T00:00:00Z"}], "bugzilla": {"description": "xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()", "id": "2345254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345254"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.", "An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-26598", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "impact": "moderate", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "impact": "moderate", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "impact": "moderate", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "impact": "moderate", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-26598\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26598"], "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.", "threat_severity": "Important"}