CVE-2025-26597: Improper Restriction of Operations within the Bounds of a Memory Buffer
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
AI Analysis
Technical Summary
The vulnerability arises from improper handling of key symbol and action tables in XkbChangeTypesOfKey() within X.Org and Xwayland. Calling this function with a zero group resizes the key symbols table to zero but leaves the key actions table unchanged. Later calls with a non-zero group value lead to a buffer overflow because the key actions buffer size does not match the resized key symbols table. This flaw can lead to memory corruption with potential impacts on confidentiality, integrity, and availability as indicated by the CVSS vector. It is one of several vulnerabilities fixed in TigerVNC updates for Red Hat Enterprise Linux 8 and 9.
Potential Impact
The buffer overflow can result in memory corruption, potentially allowing an attacker with local privileges to execute arbitrary code or cause denial of service. The CVSS 3.1 base score is 7.8 (High), reflecting high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Official patches addressing this vulnerability are available from Red Hat as part of TigerVNC security updates for Red Hat Enterprise Linux 8 and 9. Users should apply these updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory confirms the availability of fixes and recommends updating affected packages to remediate the issue.
CVE-2025-26597: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises from improper handling of key symbol and action tables in XkbChangeTypesOfKey() within X.Org and Xwayland. Calling this function with a zero group resizes the key symbols table to zero but leaves the key actions table unchanged. Later calls with a non-zero group value lead to a buffer overflow because the key actions buffer size does not match the resized key symbols table. This flaw can lead to memory corruption with potential impacts on confidentiality, integrity, and availability as indicated by the CVSS vector. It is one of several vulnerabilities fixed in TigerVNC updates for Red Hat Enterprise Linux 8 and 9.
Potential Impact
The buffer overflow can result in memory corruption, potentially allowing an attacker with local privileges to execute arbitrary code or cause denial of service. The CVSS 3.1 base score is 7.8 (High), reflecting high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Official patches addressing this vulnerability are available from Red Hat as part of TigerVNC security updates for Red Hat Enterprise Linux 8 and 9. Users should apply these updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory confirms the availability of fixes and recommends updating affected packages to remediate the issue.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-02-12T14:12:22.795Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fc1484d88663aecc03
Added to database: 5/20/2025, 6:59:08 PM
Last enriched: 4/7/2026, 5:52:26 AM
Last updated: 5/9/2026, 7:31:41 PM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.