Fluid Attacks Database

Description

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	xorg-x11-server-Xwayland	<0:21.1.3-20.el8_10	0:21.1.3-20.el8_10
rpm rhel10	xorg-x11-server-Xwayland	<0:24.1.5-6.el10_1 \|\| >=0:24.1.9, <0:24.1.9-4.el10_2	0:24.1.9-4.el10_2
rpm rhel8	xorg-x11-server	<0:1.20.11-28.el8_10	0:1.20.11-28.el8_10
rpm rhel6	tigervnc	-	-
rpm rhel8	tigervnc	<0:1.15.0-9.el8_10	0:1.15.0-9.el8_10
rpm rhel6	xorg-x11-server	-	-
rpm rhel7	tigervnc	-	-
rpm rhel9	tigervnc	<0:1.15.0-7.el9_8.1	0:1.15.0-7.el9_8.1
debian 12	xorg-server	=2:21.1.7-3 \|\| =2:21.1.7-3+deb12u1 \|\| =2:21.1.7-3+deb12u10 \|\| =2:21.1.7-3+deb12u11 \|\| =2:21.1.7-3+deb12u2 \|\| =2:21.1.7-3+deb12u3 \|\| =2:21.1.7-3+deb12u4 \|\| =2:21.1.7-3+deb12u5 \|\| =2:21.1.7-3+deb12u6 \|\| =2:21.1.7-3+deb12u7 \|\| =2:21.1.7-3+deb12u8 \|\| =2:21.1.7-3+deb12u9 \|\| >=0 <2:21.1.7-3+deb12u12	2:21.1.7-3+deb12u12
rpm rhel9	xorg-x11-server	<0:1.20.11-34.el9_8	0:1.20.11-34.el9_8

1-10 of 27

Aliases

1. CVE-2026-340012. NVD-2026-340013. OSV-2026-340014. OSV-DEBIAN-2026-340015. SECURITY-TRACKER-CVE-2026-34001

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.