A use-after-free flaw was found in the X.Org X server and...
High severity
Unreviewed
Published
Jun 5, 2026
to the GitHub Advisory Database
•
Updated Jul 13, 2026
Description
Published by the National Vulnerability Database
Jun 5, 2026
Published to the GitHub Advisory Database
Jun 5, 2026
Last updated
Jul 13, 2026
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root.
References