CVE-2026-50257

🗓️ 05 Jun 2026 10:31:22Reported by redhatType

CVE-2026-50257: Use-after-free in miSyncDestroyFence may crash the X.Org X server or enable escalation.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-50257	5 Jun 202610:31	–	attackerkb
Cvelist	CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()	5 Jun 202610:31	–	cvelist
Debian CVE	CVE-2026-50257	5 Jun 202610:31	–	debiancve
EUVD	EUVD-2026-34812	5 Jun 202610:31	–	euvd
NVD	CVE-2026-50257	5 Jun 202612:16	–	nvd
OSV	DEBIAN-CVE-2026-50257	5 Jun 202605:48	–	osv
Positive Technologies	PT-2026-46937	5 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-50257	5 Jun 202610:31	–	redhatcve

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
lists	www.lists.x.org/archives/xorg-announce/2026-June/003702.html
access	www.access.redhat.com/security/cve/CVE-2026-50257
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
redhat	www.redhat.atlassian.net/browse/PSIRTSUPT-16950

05 Jun 2026 13:27Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.17.8

CWE-416