CVE-2026-56000

Summary

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Affected Software

VendorProductVersion RangeStatus
X.Orgxorg-x11-server0 < 21.1.24affected
X.Orgxwayland0 < 24.1.13affected

Weaknesses

  • CWE-416: CWE-416 Use after free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References