CVE-2026-50257

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
05/06/2026
Last modified:
09/07/2026

Description

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* 21.1.23 (excluding)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* 24.1.12 (excluding)
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools