CVE-2025-26601
Publication date 25 February 2025
Last updated 26 February 2025
Ubuntu priority
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xorg | 24.10 oracular |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| xorg-hwe-16.04 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| xorg-hwe-18.04 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| xorg-server | 24.10 oracular |
Fixed 2:21.1.13-2ubuntu1.2
|
| 24.04 LTS noble |
Fixed 2:21.1.12-1ubuntu1.2
|
|
| 22.04 LTS jammy |
Fixed 2:21.1.4-2ubuntu1.7~22.04.13
|
|
| 20.04 LTS focal |
Fixed 2:1.20.13-1ubuntu1~20.04.19
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| xorg-server-hwe-16.04 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
|
| xorg-server-hwe-18.04 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| xwayland | 24.10 oracular |
Fixed 2:24.1.2-1ubuntu0.4
|
| 24.04 LTS noble |
Fixed 2:23.2.6-1ubuntu0.4
|
|
| 22.04 LTS jammy |
Fixed 2:22.1.1-1ubuntu0.17
|
|
| 20.04 LTS focal | Not in release |
Notes
mdeslaur
xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7299-1
- X.Org X Server vulnerabilities
- 25 February 2025