7.8

CVE-2026-50261

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX Server Version < 21.1.23
X.OrgXwayland Version < 24.1.12
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://bugzilla.redhat.com/show_bug.cgi?id=2485386
Third Party Advisory
Issue Tracking
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812
Patch
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50261.json
https://access.redhat.com/errata/RHSA-2026:26562
https://access.redhat.com/errata/RHSA-2026:26566
https://access.redhat.com/errata/RHSA-2026:26590
https://access.redhat.com/errata/RHSA-2026:26610
https://access.redhat.com/errata/RHSA-2026:26709
https://access.redhat.com/errata/RHSA-2026:28923
https://access.redhat.com/errata/RHSA-2026:29844
https://access.redhat.com/errata/RHSA-2026:36083
https://access.redhat.com/errata/RHSA-2026:36085
https://access.redhat.com/errata/RHSA-2026:36086
https://access.redhat.com/errata/RHSA-2026:36087
https://lists.x.org/archives/xorg-announce/2026-June/003702.html
Vendor Advisory
Mailing List
https://redhat.atlassian.net/browse/PSIRTSUPT-16950
Permissions Required
https://access.redhat.com/security/cve/CVE-2026-50261
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:36632
https://access.redhat.com/errata/RHSA-2026:36633
https://access.redhat.com/errata/RHSA-2026:36634
https://access.redhat.com/errata/RHSA-2026:36791
https://access.redhat.com/errata/RHSA-2026:36792
https://access.redhat.com/errata/RHSA-2026:36768
https://access.redhat.com/errata/RHSA-2026:36798