The X.Org Foundation recently disclosed nine new security vulnerabilities in X.Org Server and its XWayland component, discovered in early June. Eight were found by Trend Micro's TrendAI zero-day mining program, which uses artificial intelligence to hunt for bugs, and one was reported by Peter Hutterer, a senior X.Org input-subsystem developer at Red Hat. More than a decade after security researchers described the X.Org server as "a disaster and worse than it looked", security problems with this old graphics system are still emerging.

* Font Alias Stack-based Buffer Overflow
* XSYNC Use-After-Free in miSyncDestroyFence()
* XKB Key Types Stack-based Buffer Overflow
* XKB SetMap Request Stack-based Buffer Overflow
* XSYNC Use-After-Free in FreeCounter()
* XSYNC Use-After-Free in SyncChangeCounter()
* GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write
* CreateSaverWindow Use-After-Free Information Disclosure
* DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write

According to public information, the nine vulnerabilities listed above are typical memory-safety flaws (stack-based buffer overflows, out-of-bounds reads and writes, and several use-after-free bugs) and span several subsystems: font handling, keyboard layout (XKB), the synchronization extension (XSYNC), GLX and DRI2. If exploited, they could cause service crashes, unauthorized access and even leakage of sensitive information, posing substantial risk to desktop and server environments that still run X.Org Server.

To address these risks, the X.Org project released fixed versions the same evening: xorg-server 21.1.23 and xwayland 24.1.12. The X.Org Foundation published more detailed technical descriptions and fix information through the xorg-announce mailing list, calling on distribution maintainers and end users to update as soon as possible to reduce the exposed attack surface. As the Linux graphics stack continues to evolve and Wayland deployments gradually expand, the X.Org server still plays a key compatibility role in many distributions and application scenarios, so timely security updates remain crucial.
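A small inventory check, added here as an example and not part of the announcement or the X.Org project, that compares the version banner printed by `Xorg -version` / `Xwayland -version` against the fixed releases named above. The banner format ("X.Org X Server 21.1.11") and the binary names are assumptions of this example, and the sample banners are constructed, not captured from a real host.

```python
"""Flag X.Org Server / XWayland installs that predate the fixed releases."""
import re
import subprocess

# Fixed releases named in the xorg-announce message.
FIXED = {"xorg-server": (21, 1, 23), "xwayland": (24, 1, 12)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first dotted triple in `text` as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_patched(component, version):
    """True if `version` is at least the fixed release for `component`.

    Only the same major.minor series is compared; a different series
    (e.g. a distro backport on another branch) is reported as None so the
    caller does not draw a wrong conclusion from a bare number comparison.
    """
    fixed = FIXED[component]
    if version[:2] != fixed[:2]:
        return None
    return version >= fixed


def assess(component, version_output):
    """Classify raw `-version` output as patched / vulnerable / unknown."""
    v = parse_version(version_output)
    if v is None:
        return "unknown"
    r = is_patched(component, v)
    return "unknown-series" if r is None else ("patched" if r else "vulnerable")


def query_binary(binary):
    """Run `<binary> -version`; X servers print the banner to stderr, so keep both streams."""
    try:
        proc = subprocess.run([binary, "-version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return proc.stdout + proc.stderr


# Constructed sample banners (assumed format, not real captures).
SAMPLE_XORG = "X.Org X Server 21.1.11\nX Protocol Version 11, Revision 0\n"
SAMPLE_XWAYLAND = "X.Org X Server 24.1.12\n"

if __name__ == "__main__":
    for comp, binary in (("xorg-server", "Xorg"), ("xwayland", "Xwayland")):
        out = query_binary(binary)
        print(comp, assess(comp, out) if out else "not installed")
```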

It is worth noting that this incident highlights the growing role of AI and large language models in security research: Trend Micro’s TrendAI zero-day program found eight of the nine new vulnerabilities, demonstrating the effectiveness of automated analysis and intelligent auditing on old, large code bases. As security teams increasingly adopt AI/LLM tools to audit low-level system components, foundational software such as X.Org Server and even the Linux kernel may continue to surface more long-standing issues this summer. The overall security baseline is also expected to improve gradually as these issues are fixed.

Learn more:

https://lists.x.org/archives/xorg-announce/2026-June/003702.html