AI description
Automated description summarized from trusted sources.
CVE-2026-50261 describes a use-after-free vulnerability found in the `SyncChangeCounter()` function of the X.Org X server and Xwayland. This flaw can be exploited by a client that establishes multiple `SyncCounters` and subsequently destroys them through a separate client connection while these counters are in the process of being modified. The successful exploitation of this vulnerability could lead to a server crash. Additionally, if the X server is operating with root privileges, it could potentially result in privilege escalation.
- Description
- A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
- Source
- secalert@redhat.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3