16 matches found
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
Astra Linux – Vulnerability in xwayland, xorg-server
A buffer overflow vulnerability was discovered in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or NULL, if no match is found. However, if no matching device ID is found, the code will return the last eleme...
EUVD-2026-34817
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...
CVE-2026-50257
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...
RLSA-2026:19343 Important: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling...
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...
xorg: xwayland: Use-after-free in SyncInitTrigger()
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...
xorg: xwayland: Use-after-free in PlayReleasedEvents()
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...
xorg: xwayland: Heap overflow in XkbWriteKeySyms()
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms differs from what is written in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...
xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey()
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because t...
xorg: xwayland: Use of uninitialized pointer in compRedirectWindow()
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...
X.Org: Xwayland: Use-after-free of the root cursor
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...
xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching...
The vulnerability of the ProcXkbGetKbdByName function in the xkb/xkb.c component of the Wayland protocol for X.Org XWayland, which is part of the X Window System X.Org Server, allows a malicious actor to cause a service failure.
The vulnerability of the ProcXkbGetKbdByName function in the xkb/xkb.c component of the Wayland protocol for X.Org XWayland, which is part of the X Window System X.Org Server, is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote...
USN-6453-1 xorg-server, xwayland vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. CVE-2023-5367 Sri discovered that the X.Org X Server incorrectl...