PatchSiren cyber security CVE debrief
CVE-2026-50264 Red Hat CVE debrief
CVE-2026-50264 is a HIGH severity vulnerability with a CVSS score of 7.8. An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of X.Org X server and Xwayland should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability exists in the DRIGetBuffers/DRIGetBuffersWithFormat functions of the X.Org X server and Xwayland. An out-of-bounds write can occur when a client requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft attachment.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates from the vendor as soon as possible.
- Restrict access to the X server to trusted users only.
- Monitor for suspicious activity on the X server.
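Whether this flaw means a server crash or a privilege-escalation risk on a given host depends on whether the X server runs as root, so that is worth checking while patches roll out. The triage script below is an added example, not from the advisory or the vendor; it assumes input in the format printed by `ps -eo euser=,pid=,comm=` and that the server processes are named X, Xorg, Xorg.bin or Xwayland.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the root-escalation case
# described for CVE-2026-50264.
# Input: one process per line as "EUSER PID COMM", i.e. the output of
#   ps -eo euser=,pid=,comm=
# The process names matched here are an assumption about common builds.

# Print "PID COMM EUSER" for each X server / Xwayland process on stdin.
# NF == 3 skips command names containing spaces, which would misalign fields.
list_x_servers() {
    awk 'NF == 3 && $3 ~ /^(X|Xorg|Xorg\.bin|Xwayland)$/ { print $2, $3, $1 }'
}

# Print one of:
#   none               no X server process seen
#   root-exposed       at least one X server runs with effective user root
#   unprivileged-only  X servers present, none running as root
classify_exposure() {
    list_x_servers | awk '
        { total++ }
        $3 == "root" { as_root++ }
        END {
            if (!total)        { print "none" }
            else if (as_root)  { print "root-exposed" }
            else               { print "unprivileged-only" }
        }'
}

# Constructed sample process table (not captured from a real system).
SAMPLE_PS='root 1 systemd
gdm 1432 Xwayland
root 2210 Xorg
alice 3077 Xwayland
alice 3102 bash'

# --live inspects the current host; otherwise the constructed sample is used.
case "${1:-}" in
    --live) ps -eo euser=,pid=,comm= | classify_exposure ;;
    *)      printf '%s\n' "$SAMPLE_PS" | classify_exposure ;;
esac
```

A `root-exposed` result marks hosts to patch first; `unprivileged-only` hosts are still affected by the crash case and still need the update.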
Evidence notes
The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-50264). The NVD detail page is available at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-50264). Additional information can be found at [ref-4](https://access.redhat.com/security/cve/CVE-2026-50264), [ref-5](https://bugzilla.redhat.com/show_bug.cgi?id=2485389), [ref-6](https://gitlab.freedesktop.org/xorg/xserver/-/commit/339c279514326134b0878fc23ce6e9520440ce7f), [ref-7](https://lists.x.org/archives/xorg-announce/2026-June/003702.html), and [ref-8](https://redhat.atlassian.net/browse/PSIRTSUPT-16950).
Official resources
CVE-2026-50264 was published on 2026-06-05T12:16:40.080Z and modified on 2026-06-05T13:27:38.750Z.