Description
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Published: 2025-02-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption that may lead to denial of service or code execution
Action: Patch immediately
AI Analysis

Impact

An uninitialized pointer access flaw was found in the compRedirectWindow() routine of X.Org and Xwayland. When compCheckRedirect() cannot allocate the backing pixmap, compRedirectWindow() returns a BadAlloc error without validating the window tree marked just before. This leaves partially initialized data that is used later, resulting in unpredictable memory corruption that can potentially allow an attacker to crash the display server or execute arbitrary code, depending on how the corrupted data is leveraged.

Affected Systems

The vulnerability affects multiple Red Hat Enterprise Linux releases, including RHEL 6, 7, 8, 8.2, 8.4, 8.6, 8.8, 9, 9.0, 9.2, 9.4, and 10, together with their extended update and support branches. It also impacts packages that bundle the Xorg server, Xwayland, and TigerVNC drivers that incorporate Xwayland code. Non‑Red Hat distributions that employ these components are similarly at risk if the Xorg/Xwayland packages remain unpatched.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog, and no public exploits are known. The most likely attack vector is local, since Xorg and Xwayland run in user space on the host. An attacker who can cause the allocation failure—such as by crafting a special window—might trigger a crash or potentially gain code execution, but reliable exploitation would require local access or compromise of the display server. Consequently, the risk is moderate, but the vulnerability should be remediated promptly.

Generated by OpenCVE AI on April 28, 2026 at 03:36 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply the Red Hat errata packages RHSA‑2025:2500, RHSA‑2025:2502, RHSA‑2025:2861, RHSA‑2025:2862, RHSA‑2025:2865, RHSA‑2025:2866, RHSA‑2025:2873, RHSA‑2025:2874, RHSA‑2025:2875, RHSA‑2025:2879, RHSA‑2025:2880, RHSA‑2025:3976, RHSA‑2025:7163, RHSA‑2025:7165, and RHSA‑2025:7458 to update Xorg and Xwayland to the patched releases.
  • If you use a non‑Red Hat distribution, upgrade the Xorg server and Xwayland packages to the latest releases that include the upstream fix.
  • After installing the updated packages, restart the display server or reboot the system to ensure the new binaries are in use.


Advisories
Source | ID | Title
Debian DLA | DLA-4072-1 | xorg-server security update
Debian DSA | DSA-5872-1 | xorg-server security update
EUVD | EUVD-2025-5424 | An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Ubuntu USN | USN-7299-1 | X.Org X Server vulnerabilities
Ubuntu USN | USN-7299-2 | X.Org X Server vulnerabilities
Ubuntu USN | USN-7299-4 | X.Org X Server regression

History

Mon, 06 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_els:6
References

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 13 May 2025 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.0
References

Tue, 13 May 2025 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::crb
References

Thu, 08 May 2025 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Mon, 17 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6

Mon, 17 Mar 2025 05:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Mon, 17 Mar 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Mon, 17 Mar 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 11 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9

Mon, 10 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 04 Mar 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland
CPEs cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland

Wed, 26 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity: None threat_severity: Important


Tue, 25 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 25 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
Description An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Title Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-824
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-06T12:53:26.527Z

Reserved: 2025-02-12T14:12:22.796Z

Link: CVE-2025-26599

Vulnrichment

Updated: 2025-11-03T21:13:06.472Z

NVD

Status: Modified

Published: 2025-02-25T16:15:39.163

Modified: 2026-04-06T13:17:16.537

Link: CVE-2025-26599

Red Hat

Severity: Important

Public Date: 2025-02-25T00:00:00Z

Links: CVE-2025-26599 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T03:45:20Z

Weaknesses