CVE-2026-50264
X.Org X Server and Xwayland Out-of-Bounds Write Vulnerability
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_x_org_foundation | xorg_x11_server | to 21.1.22 (exc) |
| the_x_org_foundation | xorg_x11_server_xwayland | to 24.1.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-50264 is a security vulnerability in the X.Org X server and Xwayland components, specifically in the DRI2 functions DRIGetBuffers and DRIGetBuffersWithFormat.
The flaw is an out-of-bounds heap write that occurs when a local X client requests multiple DRI2BufferBackLeft attachments along with one DRI2BufferFrontLeft attachment.
This improper handling can lead to memory corruption, which may cause the X server to crash or be exploited for privilege escalation if the server is running with root privileges.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a local attacker with access to the X server to cause a denial of service through a server crash.
More seriously, if the X server is running with root privileges, the attacker could exploit this flaw to escalate their privileges, potentially gaining unauthorized root access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an out-of-bounds heap write triggered by a local X client requesting multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft. Detection would involve checking the version of the xorg-x11-server and xorg-x11-server-Xwayland packages installed on your system.
You can detect if your system is vulnerable by verifying the package versions. The affected versions are xorg-x11-server versions up to 21.1.22 and xorg-x11-server-Xwayland versions up to 24.1.9.
Suggested commands to check installed package versions on a Linux system include:
- For RPM-based systems (e.g., Red Hat, CentOS, Fedora): rpm -q xorg-x11-server xorg-x11-server-Xwayland
- For Debian-based systems (e.g., Ubuntu): dpkg -l | grep xorg-x11-server
Additionally, monitoring for crashes or unusual behavior in the X server process may indicate exploitation attempts, but no specific detection commands or signatures are provided.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the affected packages to versions where the vulnerability has been fixed.
- Upgrade xorg-x11-server to version 21.1.23 or later.
- Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.
If immediate upgrading is not possible, restrict local access to the X server to trusted users only, as exploitation requires a local client connection.