CVE-2025-26601: Use After Free
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
AI Analysis
Technical Summary
The vulnerability CVE-2025-26601 involves a use-after-free condition in the SyncInitTrigger() function of X.Org and Xwayland. When an alarm's change mask values are processed, an error can cause the function to return early without adding a new synchronization object, which may result in a use-after-free when the alarm triggers. This flaw affects versions up to 22.0.0 and has a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating local attack vector with low complexity, requiring low privileges and no user interaction, and impacts confidentiality, integrity, and availability. Red Hat has released patches for Red Hat Enterprise Linux 8 and 9 to remediate this issue as part of an important security update for tigervnc and related X.Org components.
Potential Impact
Successful exploitation of this use-after-free vulnerability can lead to high impact on confidentiality, integrity, and availability of affected systems. The flaw may allow an attacker with local access and low privileges to cause memory corruption, potentially leading to arbitrary code execution or denial of service. The CVSS score of 7.8 reflects the significant risk posed by this vulnerability if exploited.
Mitigation Recommendations
Red Hat has released official patches for Red Hat Enterprise Linux 8 and 9 that address CVE-2025-26601 along with other related vulnerabilities in X.Org and Xwayland. Users of affected Red Hat Enterprise Linux versions should apply the updated tigervnc packages as detailed in the Red Hat advisories RHSA-2025:2500 and RHSA-2025:2502. The advisories provide instructions for updating and remediation. Applying these updates will mitigate the vulnerability. Patch status is confirmed as fixed by Red Hat advisories.
CVE-2025-26601: Use After Free
Description
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-26601 involves a use-after-free condition in the SyncInitTrigger() function of X.Org and Xwayland. When an alarm's change mask values are processed, an error can cause the function to return early without adding a new synchronization object, which may result in a use-after-free when the alarm triggers. This flaw affects versions up to 22.0.0 and has a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating local attack vector with low complexity, requiring low privileges and no user interaction, and impacts confidentiality, integrity, and availability. Red Hat has released patches for Red Hat Enterprise Linux 8 and 9 to remediate this issue as part of an important security update for tigervnc and related X.Org components.
Potential Impact
Successful exploitation of this use-after-free vulnerability can lead to high impact on confidentiality, integrity, and availability of affected systems. The flaw may allow an attacker with local access and low privileges to cause memory corruption, potentially leading to arbitrary code execution or denial of service. The CVSS score of 7.8 reflects the significant risk posed by this vulnerability if exploited.
Mitigation Recommendations
Red Hat has released official patches for Red Hat Enterprise Linux 8 and 9 that address CVE-2025-26601 along with other related vulnerabilities in X.Org and Xwayland. Users of affected Red Hat Enterprise Linux versions should apply the updated tigervnc packages as detailed in the Red Hat advisories RHSA-2025:2500 and RHSA-2025:2502. The advisories provide instructions for updating and remediation. Applying these updates will mitigate the vulnerability. Patch status is confirmed as fixed by Red Hat advisories.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-02-12T14:12:22.796Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0f91484d88663aeba63
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 4/7/2026, 5:52:57 AM
Last updated: 5/9/2026, 5:25:17 AM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.