CVE Catalog

CVE-2026-50264

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client requesting multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write.

Risk Assessment

This vulnerability may allow crashing the X server or privilege escalation if the server runs as root, posing a serious security risk to the system.

Recommendation

Immediately update X.Org X server and Xwayland to a patched version. If not possible, restrict X server access to trusted clients only.

Original NVD description (English source)

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS