AI description
Automated description summarized from trusted sources.
CVE-2026-50257 describes a use-after-free vulnerability present in the X.Org X server and Xwayland, specifically within the `miSyncDestroyFence()` function. This flaw allows a client to trigger a use-after-free function pointer call by configuring multiple fence triggers. An attacker can exploit this by connecting to the X server, setting up a fence, and then using a second X connection to destroy that fence. This action causes the use-after-free condition, which can lead to the server crashing or potentially to privilege escalation if the X server is running with root privileges.
- Description
- A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
- Source
- secalert@redhat.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-416
- Hype score
- Not currently trending