5.5
CVE-2026-50263
- EPSS 0.14%
- Veröffentlicht 05.06.2026 10:36:46
- Zuletzt bearbeitet 08.07.2026 20:16:51
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.038 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://bugzilla.redhat.com/show_bug.cgi?id=2485388
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05
https://access.redhat.com/errata/RHSA-2026:26562
https://access.redhat.com/errata/RHSA-2026:26566
https://access.redhat.com/errata/RHSA-2026:26590
https://access.redhat.com/errata/RHSA-2026:26610
https://access.redhat.com/errata/RHSA-2026:26709
https://access.redhat.com/errata/RHSA-2026:28923
https://access.redhat.com/errata/RHSA-2026:29844
https://access.redhat.com/errata/RHSA-2026:36083
https://access.redhat.com/errata/RHSA-2026:36085
https://access.redhat.com/errata/RHSA-2026:36086
https://access.redhat.com/errata/RHSA-2026:36087
https://lists.x.org/archives/xorg-announce/2026-June/003702.html
https://redhat.atlassian.net/browse/PSIRTSUPT-16950
https://access.redhat.com/security/cve/CVE-2026-50263
https://access.redhat.com/errata/RHSA-2026:36632
https://access.redhat.com/errata/RHSA-2026:36633
https://access.redhat.com/errata/RHSA-2026:36634
https://access.redhat.com/errata/RHSA-2026:36791
https://access.redhat.com/errata/RHSA-2026:36792
https://access.redhat.com/errata/RHSA-2026:36768
https://access.redhat.com/errata/RHSA-2026:36798