CVE-2025-26598
Published: 25 February 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-26598 is an out-of-bounds write vulnerability in X.Org Server and Xwayland. The flaw occurs in the GetBarrierDevice() function, which searches for a pointer device by its device ID and is intended to return NULL if no match is found. Instead, the function returns the last element of the list when no matching device ID exists, potentially leading to out-of-bounds memory access. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8.
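The lookup defect described above, as an added example on a simplified linked list; this is not X.Org source code. The struct, the sample device IDs and the names `lookup_flawed`, `lookup_fixed` and `mark_hit` are hypothetical, chosen to show a miss returning the last element beside a version that returns NULL.

```c
#include <stddef.h>

/* Simplified model of a per-client device list; not X.Org source. */
struct barrier_device {
    int deviceid;
    int hit;                      /* field a caller writes after lookup */
    struct barrier_device *next;
};

/* Constructed sample list holding device IDs 2 and 3. */
static struct barrier_device dev3 = { 3, 0, NULL };
static struct barrier_device dev2 = { 2, 0, &dev3 };

/* Flawed: the result is updated on every iteration, so a miss returns the
 * last node visited instead of NULL. */
static struct barrier_device *lookup_flawed(struct barrier_device *head, int id)
{
    struct barrier_device *pbd = NULL;
    for (struct barrier_device *cur = head; cur != NULL; cur = cur->next) {
        pbd = cur;
        if (cur->deviceid == id)
            break;
    }
    return pbd;
}

/* Corrected: the result is set only on a match and stays NULL otherwise. */
static struct barrier_device *lookup_fixed(struct barrier_device *head, int id)
{
    for (struct barrier_device *cur = head; cur != NULL; cur = cur->next) {
        if (cur->deviceid == id)
            return cur;
    }
    return NULL;
}

/* Caller that honours the NULL contract: 0 on success, -1 for unknown ID. */
static int mark_hit(struct barrier_device *head, int id)
{
    struct barrier_device *pbd = lookup_fixed(head, id);
    if (pbd == NULL)
        return -1;
    pbd->hit = 1;
    return 0;
}

int main(void)
{
    return (lookup_flawed(&dev2, 9) == &dev3 && mark_hit(&dev2, 9) == -1) ? 0 : 1;
}
```

A caller of the flawed lookup cannot tell a miss from a match on the last device, which is why the check for NULL in the caller only helps once the lookup itself is corrected.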
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability: the out-of-bounds write can enable arbitrary code execution, data corruption, or system crashes.
Red Hat has issued multiple security errata addressing this issue, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages for affected Red Hat products incorporating fixes for the vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write and related memory corruption vulnerabilities (use-after-free, buffer/heap overflows) in Xwayland, as patched in TigerVNC server, enable remote exploitation over VNC connections for arbitrary code execution.