Merge request tracking the fixes: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189 This issue only affects Xvfb and requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). Screen cleanup is handled via stackable "modules", but the fb module hardcoded the cleanup path for the screen pixmap instead of calling into the next layer of the stack. This caused a minor memory leak that was fixed with a patch to Xvfb introduced in server 1.13. However, that patch did not remove all references to the freed pixmap, causing a use-after-free during screen cleanup in a lower module. This issue has not yet been fixed, please see the above merge request to track future fixes to this issue. Reference: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Created xorg-x11-server tracking bugs for this issue: Affects: fedora-all [bug 2246139]
Updated comment #0 with the text from the actual advisory, the fixes for this issue had to be dropped just before the disclosure because they exposed issues in other, more commonly used components.
Created tigervnc tracking bugs for this issue: Affects: fedora-all [bug 2247470]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2298 https://access.redhat.com/errata/RHSA-2024:2298