Description
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
Problem types
Product status
Any version before 21.1.24
Any version before 24.1.13
Credits
Anonymous working with Trend Micro Zero Day Initiative.
References
gitlab.freedesktop.org/...fbdb4354e894f490e56f962527d6125043
www.openwall.com/lists/oss-security/2026/07/08/2