By vendor

X.Org vulnerabilities

Known CVEs affecting X.Org products, prioritized by severity, with SEC.co remediation and detection guidance.

9 published vulnerabilities

  • CVE-2026-50256HIGH 7.8

    The X.Org X server and Xwayland contain a buffer overflow vulnerability caused by a mismatch in how the server and its font library handle font alias names. The server reserves a 256-byte buffer for font alias processing, but the underlying libXfont2 library allows names up to 1024 bytes. An attacker can supply a specially crafted font alias name between 257 and 1023 bytes, causing the server to overflow the undersized buffer. This can crash the display server or, if the X server runs with root privileges, potentially enable privilege escalation.

  • CVE-2026-50257HIGH 7.8

    A use-after-free vulnerability exists in the X.Org X server and Xwayland that allows an attacker to crash the display server or potentially escalate privileges. The flaw occurs in the miSyncDestroyFence() function when multiple X clients interact with fence synchronization primitives. An attacker would establish a fence trigger, then have a second connection destroy it prematurely, leaving the first client's code trying to reference memory that has been freed. If the X server runs with root privileges—common in many deployments—this could lead to privilege escalation.

  • CVE-2026-50258HIGH 7.8

    A flaw in the X.Org X server and Xwayland allows a local user to cause a crash or potentially gain elevated privileges by manipulating keyboard type configurations. The vulnerability stems from incomplete validation of keyboard shift level parameters, enabling a malicious application or user to exceed safe memory boundaries and overflow the server's stack. Because X servers often run with elevated privileges on Linux systems, this issue carries significant risk in shared or untrusted environments.

  • CVE-2026-50259HIGH 7.8

    A stack memory overflow vulnerability exists in the X.Org X server and Xwayland that allows a local attacker with limited privileges to crash the display server or potentially gain elevated privileges. The flaw stems from improper bounds checking when processing keyboard mapping configuration, where an attacker can write beyond a fixed-size array on the stack. If the X server runs with root privileges—a common configuration in many Linux environments—this becomes a path to privilege escalation.

  • CVE-2026-50260HIGH 7.8

    A use-after-free vulnerability exists in the X.Org X server and Xwayland display servers. An attacker with local access can exploit this by creating multiple synchronized counters through one client connection, then destroying them from a separate connection, causing the server to access memory that has already been freed. This can crash the display server or, if the X server runs with root privileges, potentially allow privilege escalation to system administrator level.

  • CVE-2026-50261HIGH 7.8

    A use-after-free memory vulnerability exists in the X.Org X server and Xwayland, specifically in the SyncChangeCounter() function. An attacker with local access can exploit this by setting up multiple sync counters from one client connection and then destroying them from a second connection while modifying the counters. This creates a window where the server attempts to access memory that has already been freed, potentially crashing the display server or—in cases where the X server runs with root privileges—enabling privilege escalation.

  • CVE-2026-50264HIGH 7.8

    A memory corruption vulnerability exists in X.Org's X server and Xwayland that allows a local user to write beyond allocated memory boundaries. An attacker can craft a specially crafted request asking for multiple back-left and one front-left DRI2 buffer attachment, causing the server to write data into memory it shouldn't access. This can crash the display server or, if that server runs with elevated privileges, enable privilege escalation. The vulnerability requires local access and user-level permissions to trigger.

  • CVE-2026-50262MEDIUM 5.5

    CVE-2026-50262 is an information disclosure vulnerability in the X.Org X server and Xwayland components. A flawed validation check in the ChangeDrawableAttributes function allows an authenticated local attacker to read beyond the intended buffer boundaries, potentially exposing sensitive data from memory. The vulnerability is limited to information disclosure on standard configurations; a write variant exists but is disabled by default in most deployments.

  • CVE-2026-50263MEDIUM 5.5

    CVE-2026-50263 is a use-after-free memory vulnerability in X.Org's X server and Xwayland components that can leak sensitive information from system memory. When a client manipulates window attributes and triggers the screen saver, the CreateSaverWindow() function accesses memory that has already been freed, allowing the attacker to read data that should no longer be accessible. The vulnerability requires local access and low privileges but can expose confidential information without crashing the system.