CVE-2026-50264
Status: Modified - Updated After Analysis
X.Org X Server and Xwayland Out-of-Bounds Write Vulnerability

Publication date: 2026-06-05

Last updated on: 2026-06-25

Assigner: Red Hat, Inc.

Description
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Meta Information
Published: 2026-06-05
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-05
EPSS Evaluated: 2026-06-24
Affected Vendors & Products
Showing 6 associated CPEs
Vendor   Product            Version / Range
redhat   enterprise_linux   7.0
redhat   enterprise_linux   8.0
redhat   enterprise_linux   9.0
redhat   enterprise_linux   10.0
x.org    x_server           up to 21.1.23 (exclusive)
x.org    xwayland           up to 24.1.12 (exclusive)
CWE ID    Description
CWE-787   The product writes data past the end, or before the beginning, of the intended buffer.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-50264 is a security vulnerability in the X.Org X server and Xwayland components, specifically in the DRI2 functions DRIGetBuffers and DRIGetBuffersWithFormat.

The flaw is an out-of-bounds heap write that occurs when a local X client requests multiple DRI2BufferBackLeft attachments along with one DRI2BufferFrontLeft attachment.

This improper handling can lead to memory corruption, which may cause the X server to crash or be exploited for privilege escalation if the server is running with root privileges.

Impact Analysis

This vulnerability can impact you by allowing a local attacker with access to the X server to cause a denial of service through a server crash.

More seriously, if the X server is running with root privileges, the attacker could exploit this flaw to escalate their privileges, potentially gaining unauthorized root access.

Detection Guidance

This vulnerability involves an out-of-bounds heap write triggered by a local X client requesting multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft. Detection would involve checking the version of the xorg-x11-server and xorg-x11-server-Xwayland packages installed on your system.

You can detect if your system is vulnerable by verifying the package versions. The affected versions are xorg-x11-server versions up to 21.1.22 and xorg-x11-server-Xwayland versions up to 24.1.9.

Suggested commands to check installed package versions on a Linux system include:

  • For RPM-based systems (e.g., Red Hat, CentOS, Fedora): rpm -q xorg-x11-server xorg-x11-server-Xwayland
  • For Debian-based systems (e.g., Ubuntu): dpkg -l | grep xorg-x11-server

Additionally, monitoring for crashes or unusual behavior in the X server process may indicate exploitation attempts, but no specific detection commands or signatures are provided.

Mitigation Strategies

The primary mitigation step is to update the affected packages to versions where the vulnerability has been fixed.

  • Upgrade xorg-x11-server to version 21.1.23 or later.
  • Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.

If immediate upgrading is not possible, restrict local access to the X server to trusted users only, as exploitation requires a local client connection.
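The version checks in the Detection Guidance and Mitigation Strategies sections above can be scripted. The following POSIX shell script is an added example, not part of this advisory or of the X.Org project; it queries the installed package version with rpm or dpkg-query, strips the distribution epoch and release suffix, and compares the upstream part against the fixed versions listed in this record (21.1.23 for the X server, 24.1.12 for Xwayland). Two caveats for the comparison: Red Hat and other enterprise distributions backport fixes without bumping the upstream version number, so a "below fixed version" verdict on RHEL must be confirmed against the vendor erratum for this CVE rather than taken as proof of exposure; and Debian/Ubuntu package the server as xserver-xorg-core and xwayland rather than under the xorg-x11-server names used above, so the package-name list is an assumption to adjust per distribution. The sample version strings at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check installed X server / Xwayland
# package versions against the fixed upstream versions given in CVE-2026-50264.

XORG_FIXED="21.1.23"       # fixed version for xorg-x11-server (from the record)
XWAYLAND_FIXED="24.1.12"   # fixed version for Xwayland (from the record)

# version_lt A B: succeed if version A sorts strictly before version B.
# Relies on GNU sort -V for dotted-version ordering.
version_lt() {
  [ "$1" = "$2" ] && return 1
  first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  [ "$first" = "$1" ]
}

# upstream_version STRING: strip a leading epoch ("2:" or "(none):") and the
# trailing distro release ("-3.el10"), e.g. "2:21.1.22-3.el10" -> "21.1.22".
upstream_version() {
  printf '%s' "$1" | sed -e 's/^[^:]*://' -e 's/-.*$//'
}

# assess PKG INSTALLED FIXED: print a verdict; return 0 when at/above the fix.
assess() {
  pkg="$1"; ver=$(upstream_version "$2"); fixed="$3"
  if version_lt "$ver" "$fixed"; then
    printf '%s %s: below fixed version %s (confirm against vendor errata, fixes may be backported)\n' \
      "$pkg" "$ver" "$fixed"
    return 1
  fi
  printf '%s %s: at or above fixed version %s\n' "$pkg" "$ver" "$fixed"
  return 0
}

# query_installed PKG: print the installed version via rpm or dpkg-query,
# or nothing if the package is absent or neither tool exists.
query_installed() {
  if command -v rpm >/dev/null 2>&1; then
    rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null | grep -v 'not installed'
  elif command -v dpkg-query >/dev/null 2>&1; then
    dpkg-query -W -f '${Version}\n' "$1" 2>/dev/null
  fi
}

# check_host: assess the packages named in the advisory on the local system.
# Package names are the RPM names from the advisory; adjust for other distributions.
check_host() {
  rc=0
  for spec in "xorg-x11-server:$XORG_FIXED" "xorg-x11-server-Xwayland:$XWAYLAND_FIXED"; do
    pkg=${spec%%:*}; fixed=${spec#*:}
    installed=$(query_installed "$pkg")
    if [ -z "$installed" ]; then
      printf '%s: not installed\n' "$pkg"
      continue
    fi
    assess "$pkg" "$installed" "$fixed" || rc=1
  done
  return $rc
}

# Constructed sample values (not taken from a real host) to show both verdicts offline.
assess "xorg-x11-server" "2:21.1.22-3.el10" "$XORG_FIXED" || true
assess "xwayland" "24.1.12-1" "$XWAYLAND_FIXED" || true
```

Run `check_host` on a host to assess the live packages; it returns non-zero when any listed package is below the fixed upstream version, which makes it usable from a fleet inventory job. Treat that result as a prompt to read the distribution's erratum, not as a final answer, because backported fixes keep the older upstream number.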
