Fedora Account System
Red Hat Associate
Red Hat Customer
A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters in SyncChangeCounter(). Any X client that can connect to the server can trigger this issue. This may be used to crash the server, or for privilege escalation if the X server runs as root. Components affected: xorg-x11-server, xorg-x11-server-Xwayland Versions affected: xorg-x11-server <= 21.1.22, xorg-x11-server-Xwayland <= 24.1.9 Fixed upstream in xorg-server-21.1.23 and xwayland-24.1.12. Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812 Reported via ZDI-CAN-30164 (Trend Micro Zero Day Initiative). Tracking: PSIRTSUPT-16950.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:26562 https://access.redhat.com/errata/RHSA-2026:26562
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:26590 https://access.redhat.com/errata/RHSA-2026:26590
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:26610 https://access.redhat.com/errata/RHSA-2026:26610
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:26709 https://access.redhat.com/errata/RHSA-2026:26709
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:26566 https://access.redhat.com/errata/RHSA-2026:26566
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:28923 https://access.redhat.com/errata/RHSA-2026:28923
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:29844 https://access.redhat.com/errata/RHSA-2026:29844
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:36083 https://access.redhat.com/errata/RHSA-2026:36083
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:36086 https://access.redhat.com/errata/RHSA-2026:36086
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36087 https://access.redhat.com/errata/RHSA-2026:36087
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:36085 https://access.redhat.com/errata/RHSA-2026:36085
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:36633 https://access.redhat.com/errata/RHSA-2026:36633
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36632 https://access.redhat.com/errata/RHSA-2026:36632
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:36634 https://access.redhat.com/errata/RHSA-2026:36634
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:36768 https://access.redhat.com/errata/RHSA-2026:36768
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:36791 https://access.redhat.com/errata/RHSA-2026:36791
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:36792 https://access.redhat.com/errata/RHSA-2026:36792
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:36798 https://access.redhat.com/errata/RHSA-2026:36798
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:38502 https://access.redhat.com/errata/RHSA-2026:38502
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:38810 https://access.redhat.com/errata/RHSA-2026:38810