
CVE-2025-26597 – Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
https://notcve.org/view.php?id=CVE-2025-26597
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged... • https://access.redhat.com/security/cve/CVE-2025-26597 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2025-26596 – Xorg: xwayland: heap overflow in xkbwritekeysyms()
https://notcve.org/view.php?id=CVE-2025-26596
25 Feb 2025 — A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the XkbSizeKeySyms function. The is... • https://access.redhat.com/security/cve/CVE-2025-26596 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2025-26595 – Xorg: xwayland: buffer overflow in xkbvmodmasktext()
https://notcve.org/view.php?id=CVE-2025-26595
25 Feb 2025 — A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t... • https://access.redhat.com/security/cve/CVE-2025-26595 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-26594 – X.org: xwayland: use-after-free of the root cursor
https://notcve.org/view.php?id=CVE-2025-26594
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the h... • https://access.redhat.com/security/cve/CVE-2025-26594 • CWE-416: Use After Free •

CVE-2025-0690 – Grub2: read: integer overflow may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-0690
24 Feb 2025 — The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. • https://access.redhat.com/security/cve/CVE-2025-0690 • CWE-787: Out-of-bounds Write •

CVE-2025-0624 – Grub2: net: out-of-bounds write in grub_net_search_config_file()
https://notcve.org/view.php?id=CVE-2025-0624
19 Feb 2025 — A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot inf... • https://access.redhat.com/security/cve/CVE-2025-0624 • CWE-787: Out-of-bounds Write •

CVE-2025-0622 – Grub2: command/gpg: use-after-free due to hooks not being removed on module unload
https://notcve.org/view.php?id=CVE-2025-0622
18 Feb 2025 — A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0622 • CWE-416: Use After Free •

CVE-2024-45776 – Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
https://notcve.org/view.php?id=CVE-2024-45776
18 Feb 2025 — When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. • https://access.redhat.com/security/cve/CVE-2024-45776 • CWE-787: Out-of-bounds Write •

CVE-2025-26466 – Openssh: denial-of-service in openssh
https://notcve.org/view.php?id=CVE-2025-26466
18 Feb 2025 — A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. • https://github.com/rxerium/CVE-2025-26466 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It was discovered that the OpenSSH client incorrectly handled ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •