CVE-2026-56000

X.Org · xorg-x11-server

A heap use-after-free vulnerability in X.Org xorg-x11-server and xwayland allows local attackers with a GLX connection to trigger memory corruption via the CommonMakeCurrent() function.

Executive summary

A heap use-after-free vulnerability in X.Org xorg-x11-server and xwayland could allow a local attacker to achieve arbitrary code execution or cause a system crash.

Vulnerability

This is a Use-After-Free (CWE-416) vulnerability occurring when the CommonMakeCurrent() function references reallocated memory. An attacker must have an active X connection to provide a GLX commit to the server to trigger this flaw.

Business impact

While the CVSS score of 9.0 indicates a Critical severity, the requirement for local access somewhat limits the immediate attack surface. However, successful exploitation could lead to total system compromise, including privilege escalation and unauthorized data access, resulting in significant operational downtime and potential loss of data integrity.

Remediation

Immediate Action: Update xorg-x11-server to version 21.1.24 or later, and xwayland to version 24.1.13 or later.

Proactive Monitoring: Monitor system logs for unusual X server crashes or segmentation faults that may indicate an exploitation attempt.

Compensating Controls: Restrict access to the X server environment to trusted users only and implement kernel-level protections (e.g., ASLR/DEP) to make heap-based exploitation more difficult.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical nature of memory corruption vulnerabilities, organizations should prioritize patching their display server packages. Ensure all graphical session environments are updated to the specified versions to mitigate the risk of local privilege escalation.