Fedora Account System
Red Hat Associate
Red Hat Customer
A wrong size validation check in __glXDisp_ChangeDrawableAttributes() can read (or write) a client-controlled number of bytes, exceeding the request buffer. The write path requires byte-swapped clients which is disabled by default. The read can lead to information disclosure; the write can crash the server or enable privilege escalation if the X server runs as root. Any X client that can connect to the server can trigger this issue. Components affected: xorg-x11-server, xorg-x11-server-Xwayland Versions affected: xorg-x11-server <= 21.1.22, xorg-x11-server-Xwayland <= 24.1.9 Fixed upstream in xorg-server-21.1.23 and xwayland-24.1.12. Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145 Reported via ZDI-CAN-30165 (Trend Micro Zero Day Initiative). Tracking: PSIRTSUPT-16950.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:26562 https://access.redhat.com/errata/RHSA-2026:26562
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:26590 https://access.redhat.com/errata/RHSA-2026:26590
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:26610 https://access.redhat.com/errata/RHSA-2026:26610
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:26709 https://access.redhat.com/errata/RHSA-2026:26709
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:26566 https://access.redhat.com/errata/RHSA-2026:26566
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:28923 https://access.redhat.com/errata/RHSA-2026:28923
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:29844 https://access.redhat.com/errata/RHSA-2026:29844
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:36083 https://access.redhat.com/errata/RHSA-2026:36083
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:36086 https://access.redhat.com/errata/RHSA-2026:36086
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36087 https://access.redhat.com/errata/RHSA-2026:36087
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:36085 https://access.redhat.com/errata/RHSA-2026:36085