AI description
Automated description summarized from trusted sources.
CVE-2026-50260 describes a use-after-free vulnerability identified within the `FreeCounter()` function of the X.Org X server and Xwayland. This flaw can be triggered when a client establishes multiple SyncCounters and awaits their triggers. A second client connection can then destroy these counters, leading to a use-after-free condition. Exploiting this vulnerability could result in the server crashing or, if the X server is running with root privileges, could lead to privilege escalation. The issue was reported by Anonymous from Trend Micro Zero Day Initiative.
- Description
- A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
- Source
- secalert@redhat.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
5