Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-06-02T00:00:00 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-125

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

Red Hat rates this issue as Moderate impact. In xorg-x11-server and xorg-x11-server-Xwayland, __glXDisp_ChangeDrawableAttributes() validates request size incorrectly, allowing a local X client to read bytes beyond the GLX request buffer—information disclosure. An out-of-bounds write path also exists but requires byte-swapped clients, which is disabled by default on Red Hat builds. Any local user who can connect to the X server display can trigger the read path. Upstream fixed this in xorg-server 21.1.23 and xwayland 24.1.12. Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter. Red Hat Enterprise Linux 10 2026-06-22T00:00:00Z RHSA-2026:26566 xorg-x11-server-Xwayland-0:24.1.9-4.el10_2.2 Red Hat Enterprise Linux 8 2026-06-17T00:00:00Z RHSA-2026:26562 xorg-x11-server-Xwayland-0:21.1.3-20.el8_10.2 Red Hat Enterprise Linux 8 2026-06-17T00:00:00Z RHSA-2026:26709 xorg-x11-server-0:1.20.11-28.el8_10.2 Red Hat Enterprise Linux 9 2026-06-17T00:00:00Z RHSA-2026:26590 xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.2 Red Hat Enterprise Linux 9 2026-06-17T00:00:00Z RHSA-2026:26610 xorg-x11-server-0:1.20.11-34.el9_8.2 Red Hat Enterprise Linux 6 Affected tigervnc Red Hat Enterprise Linux 6 Out of support scope xorg-x11-server Red Hat Enterprise Linux 7 Affected tigervnc Red Hat Enterprise Linux 7 Affected xorg-x11-server Red Hat Enterprise Linux 8 Affected tigervnc Red Hat Enterprise Linux 9 Affected tigervnc https://www.cve.org/CVERecord?id=CVE-2026-50262 https://nvd.nist.gov/vuln/detail/CVE-2026-50262 https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145 https://lists.x.org/archives/xorg-announce/2026-June/003702.html https://redhat.atlassian.net/browse/PSIRTSUPT-16950