CVE-2025-26595

high

Description

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

References

Advisories
More

https://access.redhat.com/security/cve/CVE-2025-26595

https://access.redhat.com/errata/RHSA-2025:7458

https://access.redhat.com/errata/RHSA-2025:7165

https://access.redhat.com/errata/RHSA-2025:7163

https://access.redhat.com/errata/RHSA-2025:2880

https://access.redhat.com/errata/RHSA-2025:2879

https://access.redhat.com/errata/RHSA-2025:2875

https://access.redhat.com/errata/RHSA-2025:2874

https://access.redhat.com/errata/RHSA-2025:2873

https://access.redhat.com/errata/RHSA-2025:2866

https://access.redhat.com/errata/RHSA-2025:2865

https://access.redhat.com/errata/RHSA-2025:2862

https://access.redhat.com/errata/RHSA-2025:2861

https://access.redhat.com/errata/RHSA-2025:2502

https://access.redhat.com/errata/RHSA-2025:2500

https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

https://bugzilla.redhat.com/show_bug.cgi?id=2345257

Details

Source: Mitre, NVD

Published: 2025-02-25

Updated: 2025-11-03

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00023