CVE-2025-26599: Access of Uninitialized Pointer
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
AI Analysis
Technical Summary
An access of an uninitialized pointer vulnerability (CVE-2025-26599) exists in X.Org and Xwayland within the compRedirectWindow() function. When compCheckRedirect() fails to allocate the backing pixmap, it returns a BadAlloc error but does not properly validate the window tree marked just before, resulting in partially initialized validated data and subsequent use of an uninitialized pointer. This flaw can impact confidentiality, integrity, and availability. Red Hat has released patches for this vulnerability as part of security updates to tigervnc packages in Red Hat Enterprise Linux versions 8 and 9. These updates fix this and several other related vulnerabilities in Xwayland and X.Org components.
Potential Impact
The vulnerability allows use of an uninitialized pointer, which can lead to serious impacts on confidentiality, integrity, and availability of affected systems, as reflected by the CVSS score of 7.8 (high severity). Exploitation could cause crashes or potentially allow an attacker with local privileges to execute arbitrary code or cause denial of service. There are no known exploits in the wild at this time. The issue affects multiple architectures and versions of Red Hat Enterprise Linux 8 and 9.
Mitigation Recommendations
Official patches are available from Red Hat as part of security updates to tigervnc packages for Red Hat Enterprise Linux 8 and 9. Users should apply these updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory confirms the availability of fixes and recommends updating to the patched versions to remediate this vulnerability. No additional mitigation steps are indicated beyond applying the official patches.
CVE-2025-26599: Access of Uninitialized Pointer
Description
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An access of an uninitialized pointer vulnerability (CVE-2025-26599) exists in X.Org and Xwayland within the compRedirectWindow() function. When compCheckRedirect() fails to allocate the backing pixmap, it returns a BadAlloc error but does not properly validate the window tree marked just before, resulting in partially initialized validated data and subsequent use of an uninitialized pointer. This flaw can impact confidentiality, integrity, and availability. Red Hat has released patches for this vulnerability as part of security updates to tigervnc packages in Red Hat Enterprise Linux versions 8 and 9. These updates fix this and several other related vulnerabilities in Xwayland and X.Org components.
Potential Impact
The vulnerability allows use of an uninitialized pointer, which can lead to serious impacts on confidentiality, integrity, and availability of affected systems, as reflected by the CVSS score of 7.8 (high severity). Exploitation could cause crashes or potentially allow an attacker with local privileges to execute arbitrary code or cause denial of service. There are no known exploits in the wild at this time. The issue affects multiple architectures and versions of Red Hat Enterprise Linux 8 and 9.
Mitigation Recommendations
Official patches are available from Red Hat as part of security updates to tigervnc packages for Red Hat Enterprise Linux 8 and 9. Users should apply these updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory confirms the availability of fixes and recommends updating to the patched versions to remediate this vulnerability. No additional mitigation steps are indicated beyond applying the official patches.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-02-12T14:12:22.796Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fc1484d88663aecc07
Added to database: 5/20/2025, 6:59:08 PM
Last enriched: 4/7/2026, 5:52:44 AM
Last updated: 5/9/2026, 4:07:50 AM
Views: 80
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.