Name | CVE-2025-26601 |
Description | A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1098906, 1098907 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
xorg-server (PTS) | bullseye | 2:1.20.11-1+deb11u13 | vulnerable |
xorg-server (PTS) | bullseye (security) | 2:1.20.11-1+deb11u14 | vulnerable |
xorg-server (PTS) | bookworm, bookworm (security) | 2:21.1.7-3+deb12u8 | vulnerable |
xorg-server (PTS) | sid, trixie | 2:21.1.15-3 | vulnerable |
xwayland (PTS) | bookworm | 2:22.1.9-1 | vulnerable |
xwayland (PTS) | sid, trixie | 2:24.1.5-1 | vulnerable |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
xorg-server | source | (unstable) | (unfixed) | | | 1098906 |
xwayland | source | (unstable) | (unfixed) | | | 1098907 |
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d0ffc7f45ed3c595ee7564b5c04287e0b
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f93a0c891494eb3334894442a92368030
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8817306af75a60f494ec9dbb1061e50db
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c285798984c6bb99e454a33772cde23d394d3dcd