7.8

CVE-2026-50260

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX Server Version < 21.1.23
X.OrgXwayland Version < 24.1.12
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2485385
Third Party Advisory
Issue Tracking
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50260.json
https://access.redhat.com/errata/RHSA-2026:26562
https://access.redhat.com/errata/RHSA-2026:26566
https://access.redhat.com/errata/RHSA-2026:26590
https://access.redhat.com/errata/RHSA-2026:26610
https://access.redhat.com/errata/RHSA-2026:26709
https://access.redhat.com/errata/RHSA-2026:28923
https://access.redhat.com/errata/RHSA-2026:29844
https://access.redhat.com/errata/RHSA-2026:36083
https://access.redhat.com/errata/RHSA-2026:36085
https://access.redhat.com/errata/RHSA-2026:36086
https://access.redhat.com/errata/RHSA-2026:36087
https://lists.x.org/archives/xorg-announce/2026-June/003702.html
Vendor Advisory
Mailing List
https://redhat.atlassian.net/browse/PSIRTSUPT-16950
Permissions Required
https://access.redhat.com/security/cve/CVE-2026-50260
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:36632
https://access.redhat.com/errata/RHSA-2026:36633
https://access.redhat.com/errata/RHSA-2026:36634
https://access.redhat.com/errata/RHSA-2026:36791
https://access.redhat.com/errata/RHSA-2026:36792
https://access.redhat.com/errata/RHSA-2026:36768
https://access.redhat.com/errata/RHSA-2026:36798