GHSA-4gcc-rqqq-58jp
Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local X display access required (AV:L); PR:L because valid X client authorization is needed; scope change (S:C) as X server compromise affects all connected clients.
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Description PRE-NVD
Articles & Coverage 1
AnalysisAI
Use-after-free in the GLX dispatch layer of X.Org X Server and Xwayland allows an authenticated X client to corrupt heap memory by triggering a contextTags array reallocation while a stale pointer is still held. The attacker crafts a deterministic sequence of exactly 34 GLX requests - 17 CreateContext and 17 MakeCurrent calls - to force the realloc, after which GlxFreeContextTag writes zeros into freed memory at five fixed offsets. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an active, authorized connection to an X11 display that has GLX support enabled - the attacker must be able to create GLX rendering contexts via the X protocol. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector, EPSS score, or CISA KEV entry is available for this CVE, which limits automated risk scoring. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local attacker with access to the X display - either directly on the machine or via an authorized remote X11 connection - connects as a GLX-capable client and issues 16 CreateContext calls followed by MakeCurrent(oldContextTag=0) for each, filling all 16 tag slots to capacity. A 17th MakeCurrent with a non-zero oldContextTag triggers GlxAllocContextTag() to realloc the contextTags array; if the allocator moves the buffer, oldTag is now dangling, and the ensuing GlxFreeContextTag(oldTag) writes controlled zeros into freed heap memory. … |
| Remediation | The primary remediation is to upgrade to xorg-server-21.1.24 or xwayland-24.1.13, which include the fix commit 2779affbdb4354e894f490e56f962527d6125043 (see https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory systems running X.Org X Server and Xwayland; document which systems expose X11 sockets to untrusted users or networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack co
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (C
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context
A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta
A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta
A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta
A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta
A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta
A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is
A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low a
A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-o
Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 2
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42202