Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
{
"cwe_ids": [
"CWE-416"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56000.json",
"cna_assigner": "suse"
}{
"cpe": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "24.1.13"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}"2026-07-14T20:30:41Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-56000.json"
[
{
"id": "CVE-2026-56000-1eb66220",
"digest": {
"threshold": 0.9,
"line_hashes": [
"26528802146205448982549149324329759841",
"324428784491797412274511116477361628678",
"139723438212190103608208512547304349993",
"293550403756843557699337264008343925607",
"310721306520338205900229397895117890080",
"224728677515641125050902666596200622327",
"126036847386262721829419563346249005159",
"200155076335444321006559343227506359941",
"197917230748099180803045588100327109290"
]
},
"source": "https://gitlab.freedesktop.org/xorg/xserver@2779affbdb4354e894f490e56f962527d6125043",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "glx/vndcmds.c"
}
},
{
"id": "CVE-2026-56000-f15fe7ec",
"digest": {
"function_hash": "144673586255974078079915957734256006091",
"length": 1260.0
},
"source": "https://gitlab.freedesktop.org/xorg/xserver@2779affbdb4354e894f490e56f962527d6125043",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "CommonMakeCurrent",
"file": "glx/vndcmds.c"
}
}
]