Executive Summary

A critical vulnerability, CVE-2026-55999, was discovered in X.Org's xorg-server and xwayland. This vulnerability has a CVSS score of 8.5 and can be exploited by local attackers with an X connection to cause a heap buffer overflow via SetFont due to missing glyph boundary checks. Affected versions include xorg-server before 21.2.24 and xwayland before 24.1.13.

Technical Analysis

The vulnerability class of CVE-2026-55999 is a heap buffer overflow. The attack vector involves local attackers with an X connection providing PCX fonts to the X server. The root cause of this vulnerability is the missing glyph boundary checks in the SetFont function. This allows an attacker to overflow the heap buffer, potentially leading to arbitrary code execution.

How It Gets Exploited

An attacker with local access and an X connection can exploit this vulnerability by providing a specially crafted PCX font to the X server. The attacker would send a malicious font request to the X server, which would then process the font without properly checking the glyph boundaries. This would cause a heap buffer overflow, potentially allowing the attacker to execute arbitrary code with the privileges of the X server.

Impact Assessment

The affected products are xorg-server and xwayland, with versions before 21.2.24 and 24.1.13 being vulnerable. The impact of this vulnerability is high, with an attacker potentially able to achieve arbitrary code execution, confidentiality impact, integrity impact, and availability impact. The CVSS score of 8.5 reflects the high severity of this vulnerability.

Recommended Actions

To mitigate this vulnerability, it is recommended to update xorg-server to version 21.2.24 or later and xwayland to version 24.1.13 or later. Additionally, administrators should ensure that only trusted fonts are used and that the X server is properly configured to restrict font access.

Sources

- National Vulnerability Database (NVD) - X.Org