Vulnerabilities > CVE-2025-26599 - Access of Uninitialized Pointer vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2025-02-25

Updated: 2025-04-10

Summary

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.

Vulnerable Configurations

Part	Description	Count
Application	Tigervnc Tigervnc Tigervnc -	1
Application	X.Org X.Org X Server - X.Org Xwayland -	2
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3

Common Weakness Enumeration (CWE)

CWE-824 - Access of Uninitialized Pointer

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References