CVE-2026-56000 in xorg-x11-serverinfo

Summary

by MITRE • 07/08/2026

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/08/2026

This vulnerability represents a critical heap corruption issue affecting xorg-server versions prior to 21.2.24 and xwayland versions prior to 24.1.13, where local attackers with X connection privileges can trigger a heap use after free condition through GLX commit operations. The flaw occurs within the CommonMakeCurrent() function which maintains pointers into memory that may have been reallocated or freed during the graphics context switching process. This represents a classic heap-based buffer overflow vulnerability that can lead to arbitrary code execution or system instability when malicious GLX operations are performed against the X server.

The technical root cause stems from improper memory management within the OpenGL extension implementation where the CommonMakeCurrent() function fails to properly validate memory references before dereferencing them during graphics context transitions. This allows attackers to manipulate the memory layout through carefully crafted GLX commits, potentially causing the system to access freed memory regions or corrupted heap structures. The vulnerability is particularly dangerous because it operates at the graphics server level where memory corruption can lead to privilege escalation or complete system compromise. According to CWE classification, this maps to CWE-416 Use After Free, a well-documented vulnerability pattern that has been consistently exploited in graphics and display server components across multiple vendors.

The operational impact of this vulnerability extends beyond simple denial of service scenarios as local attackers with X connection access can leverage this flaw to execute arbitrary code with the privileges of the X server process. This creates significant security implications for systems running graphical environments where users might have local access or be subject to privilege escalation attacks. The attack vector specifically targets the graphics subsystem through legitimate GLX operations, making detection more challenging as these activities appear normal within the context of legitimate graphics applications. Systems utilizing xorg-server and xwayland components are particularly vulnerable, with the risk increasing in environments where multiple users share the same graphical session or where untrusted processes can establish X connections.

Mitigation strategies should prioritize immediate patching of affected xorg-server and xwayland versions to 21.2.24 and 24.1.13 respectively, as these releases contain the necessary memory management fixes for the CommonMakeCurrent() function. Additional protective measures include implementing strict access controls on X server connections, utilizing X11 access control lists to limit which users or processes can establish connections, and employing runtime monitoring solutions that can detect anomalous GLX operations. Organizations should also consider implementing network segmentation to prevent local privilege escalation attacks and regularly audit X server configurations for unnecessary permissions. From an ATT&CK framework perspective, this vulnerability maps to T1068 Exploitation for Privilege Escalation and T1543 Create or Modify System Process, as it enables attackers to gain elevated privileges through graphics subsystem exploitation. The vulnerability demonstrates how seemingly benign graphics operations can become attack vectors when memory management flaws exist in core system components, highlighting the importance of rigorous security testing for display server implementations.

Responsible

Suse

Reservation

06/18/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!