Description
An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Published: 2026-06-05
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read flaw was identified in the X.Org X server and Xwayland in the glXChangeDrawableAttributes function. The flaw occurs because a size validation check allows a client to request an invalid number of bytes, causing a read that extends beyond the bounds of the request buffer. A write path also exists but requires byte‑swapped clients, a mode that is disabled by default. The vulnerability falls under CWE‑125 and can lead to disclosure of interpreter or memory contents; if the write path were leveraged, it could enable further exploitation such as unauthorized memory modification.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux deployments running the X.Org X server on versions 6, 7, 8, 9, and 10. The affected packages are the standard Xorg‑x11‑server and Xwayland components shipped with RHEL.

Risk and Exploitability

The CVSS v3.1 score of 5.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no widespread exploitation is currently documented. The primary attack vector is a locally or remotely connected X client capable of sending arbitrarily crafted GLX requests. Because X servers typically run with local user privileges, the risk profile is higher for administrators who allow untrusted clients or expose the X display over a network. Formal exploitation would require a crafted client, and no public exploit exists as of the data provided.

Generated by OpenCVE AI on June 5, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest RHEL security updates for the Xorg‑x11‑server packages to incorporate the vendor fix.
  • If the update is delayed, block or restrict X protocol access using firewall rules or SELinux policies so that only trusted local clients can connect.
  • Consider disabling Xwayland or replacing it with a more recent X server version while the vendor issue remains unresolved.
  • Monitor the X server for abnormal GLX request patterns and apply stricter input validation if possible.

Generated by OpenCVE AI on June 5, 2026 at 12:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Title Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T10:36:43.916Z

Reserved: 2026-06-04T14:55:24.012Z

Link: CVE-2026-50262

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-05T12:16:39.770

Modified: 2026-06-05T13:27:38.750

Link: CVE-2026-50262

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50262 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T13:00:14Z

Weaknesses