Heap Use After Free Vulnerability in Xorg and Xwayland
CVE-2026-56000
9CRITICAL
What is CVE-2026-56000?
In the X server versions prior to 21.2.24 and Xwayland versions prior to 24.1.13, a vulnerability exists that allows local attackers to exploit a heap use after free condition. This arises when the CommonMakeCurrent() function references memory that may have been reallocated, leading to potential manipulation of the X server environment. Attackers with the ability to send GLX commits to the server can leverage this flaw to cause unexpected behavior or crashes.
Affected Version(s)
xorg-x11-server 0 < 21.1.24
xwayland 0 < 24.1.13
References
CVSS V4
Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anonymous working with Trend Micro Zero Day Initiative.
