X.org Server 21.1.16 Update Fixes 8 Vulnerabilities

Corrective releases of X.org Server 21.1.16 and of the DDX (Device-Dependent X) component xwayland 24.1.6 have been published; xwayland launches X.org Server so that X11 applications can run in Wayland-based environments. The new versions fix 8 vulnerabilities. These problems can potentially be exploited to escalate privileges on systems where the X server runs with root rights, as well as for remote code execution in configurations that use X11 sessions for access.

The identified vulnerabilities include:

  • CVE-2025-26594: Use-after-free vulnerability in the root window cursor handler.
  • CVE-2025-26595: Buffer overflow in the XkbVModMaskText() function.
  • CVE-2025-26596: Buffer overflow in the XkbWriteKeySyms() function.
  • CVE-2025-26597: Buffer overflow in the XkbChangeTypesOfKey() function.
  • CVE-2025-26598: Data leakage in the CreatePointerBarrierClient() function.
  • CVE-2025-26599: Inconsistent pointer access in the compRedirectWindow() function.
  • CVE-2025-26600: Use-after-free vulnerability in the PlayReleasedEvents() function.
  • CVE-2025-26601: Use-after-free vulnerability in the SyncInitTrigger() function.