X server

CVEs (9)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-50264	Xorg X server	Hig	0.51	7.8	—	Jun 5, 2026	An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the…
CVE-2026-50261	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to…
CVE-2026-50260	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the…
CVE-2026-50259	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a…
CVE-2026-50258	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key…
CVE-2026-50257	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a…
CVE-2026-50256	Xorg Xwayland	Hig	0.51	7.8	—	Jun 5, 2026	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but…
CVE-2026-50263	Xorg Xwayland	Med	0.36	5.5	—	Jun 5, 2026	A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50262	Xorg Xwayland	Med	0.36	5.5	—	Jun 5, 2026	An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…

CVE-2026-50264HigJun 5, 2026
Xorg
X server
risk 0.51cvss 7.8epss —
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the…
CVE-2026-50261HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to…
CVE-2026-50260HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the…
CVE-2026-50259HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a…
CVE-2026-50258HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key…
CVE-2026-50257HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a…
CVE-2026-50256HigJun 5, 2026
Xorg
Xwayland
risk 0.51cvss 7.8epss —
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but…
CVE-2026-50263MedJun 5, 2026
Xorg
Xwayland
risk 0.36cvss 5.5epss —
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
CVE-2026-50262MedJun 5, 2026
Xorg
Xwayland
risk 0.36cvss 5.5epss —
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists…