Description
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Published: 2026-06-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use‑after‑free in the SyncChangeCounter function of the X.Org X server and Xwayland. A client that creates multiple SyncCounters can trigger the flaw when a second client deletes those counters while they are still being changed. The flaw can cause the X server to crash or, if the server is running with root privileges, can be used to elevate privileges of the malicious client. The primary impact is privilege escalation when the X server runs as root, and potential denial of service through a crash.

Affected Systems

Affected users are those running Red Hat Enterprise Linux 6 through 10, as these distributions ship the vulnerable X.Org X server and Xwayland. The flaw applies to all versions of these distributions that include the affected packages before the latest security update.

Risk and Exploitability

The CVSS score of 7.8 indicates a high‑severity flaw. The EPSS score is not available, so the current exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog, but the flaw can be triggered by any client that can open a connection to the X server or Xwayland. If exploited, an attacker could crash the server or gain root privileges on systems where the X server runs with elevated rights. The primary attack vector is a malicious X client connection, either local or networked, that exercises the counter functionality.

Generated by OpenCVE AI on June 5, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that patches X.Org X server to eliminate the use‑after‑free flaw.
  • If an update cannot be applied immediately, run the X server under a non‑root user or restrict its privileges to reduce the risk of privilege escalation.
  • Limit client access to the X server by configuring access controls (e.g., xhost or X server configuration) so that only trusted users can connect.

Generated by OpenCVE AI on June 5, 2026 at 12:22 UTC.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 13:30:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 12:15:00 +0000

Type: References
Values removed: none
Values added: none

Type: Metrics (threat_severity)
Values removed: None
Values added: Important


Fri, 05 Jun 2026 11:45:00 +0000

Type: Description
Values added: A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Type: Title
Values added: Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

Type: First Time appeared
Values added: Redhat; Redhat enterprise Linux

Type: Weaknesses
Values added: CWE-416

Type: CPEs
Values added:
  cpe:/o:redhat:enterprise_linux:10
  cpe:/o:redhat:enterprise_linux:6
  cpe:/o:redhat:enterprise_linux:7
  cpe:/o:redhat:enterprise_linux:8
  cpe:/o:redhat:enterprise_linux:9

Type: Vendors & Products
Values added: Redhat; Redhat enterprise Linux

Type: References
Values added: none

Type: Metrics (cvssV3_1)
Values added: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T12:38:54.542Z

Reserved: 2026-06-04T14:55:24.012Z

Link: CVE-2026-50261

Vulnrichment

Updated: 2026-06-05T12:38:49.241Z

NVD

Status : Undergoing Analysis

Published: 2026-06-05T12:16:39.617

Modified: 2026-06-05T13:27:38.750

Link: CVE-2026-50261

Redhat

Severity : Important

Published Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50261 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-05T12:30:40Z

Weaknesses