CVE-2025-26600

Published: February 26, 2025Last modified: February 28, 2025

Description

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

Severity score breakdown

Status

References

• https://access.redhat.com/errata/RHSA-2025:2500
• https://access.redhat.com/errata/RHSA-2025:2502
• https://access.redhat.com/errata/RHSA-2025:2861
• https://access.redhat.com/errata/RHSA-2025:2862
• https://access.redhat.com/errata/RHSA-2025:2865
• https://access.redhat.com/errata/RHSA-2025:2866
• https://access.redhat.com/errata/RHSA-2025:2873
• https://access.redhat.com/errata/RHSA-2025:2874
• https://access.redhat.com/errata/RHSA-2025:2875
• https://access.redhat.com/errata/RHSA-2025:2879
• https://access.redhat.com/errata/RHSA-2025:2880
• https://access.redhat.com/errata/RHSA-2025:7163
• https://access.redhat.com/errata/RHSA-2025:7165
• https://access.redhat.com/errata/RHSA-2025:7458
• https://access.redhat.com/security/cve/CVE-2025-26600
• https://bugzilla.redhat.com/show_bug.cgi?id=2345252
• https://security.netapp.com/advisory/ntap-20250516-0005/