X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI - Phoronix
Articles & Reviews
News Archive
Forums
Premium Ad-Free<br>Contact
Popular Categories
Close
Articles & Reviews
News Archive
Forums
Premium
Contact
Categories
Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals
X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI
Written by Michael Larabel in X.Org on 1 June 2026 at 08:34 PM EDT. 1 Comment
There are nine new security vulnerabilities impacting the X.Org Server as well as the XWayland component. Yep, more than a decade after X.Org Server security issues began coming to light with a security research acknowledging it's a disaster and "it's worse than it looks", it continues holding true.
These latest security vulnerabilities were uncovered using AI... In particular, Trend Micro's TrendAI Zero Day Initiative. TrendAI found eight of the nine vulnerabilities made public today with longtime X.Org input developer Peter Hutterer of Red Hat discovering the ninth.
The latest X.Org Server codebase vulnerabilities include:
* Font Alias Stack-based Buffer Overflow
* XSYNC Use-After-Free in miSyncDestroyFence()
* XKB Key Types Stack-based Buffer Overflow
* XKB SetMap Request Stack-based Buffer Overflow
* XSYNC Use-After-Free in FreeCounter()
* XSYNC Use-After-Free in SyncChangeCounter()
* GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write
* CreateSaverWindow Use-After-Free Information Disclosure
* DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write
More details on today's security disclosures via the xorg-announce list. In turn xorg-server 21.1.23 and xwayland 24.1.12 are released tonight in order to address these very latest security issues. With the growing use of AI/LLMs for security research, it will be interesting to see how many more issues are uncovered this summer in the X.Org Server codebase considering the brisk pace of security issues as well cropping up in the Linux kernel.
1 Comment
Tweet
X.Org Server 21.1.22 Released Due To Five New Security Vulnerabilities<br>X.Org Server's "Master" Branch Now Closed With Cleaned Up State On "Main"<br>X.Org Developers Conference 2026 Being Hosted By Arm In Toronto<br>Several New X.Org Libraries See 2026 Releases<br>X.Org Server May Create A New Selective Git Branch With Hopes Of A New Release This Year<br>X.Org IMAKE Updated For Those Not Yet Transitioned To Autoconf/Automake Or Meson
Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.
FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop<br>Intel Introducing USB4STREAM Protocol For Linux - Opening Up Some Nifty Uses For USB4<br>California's Age Verification Law May End Up Exempting Most Linux Distributions<br>KernelScript: A Programming Language For Kernel Customization & App Optimizations<br>Linux Developers Looking At Retiring The x32 ABI<br>Google's ANGLE Merges Wayland Support, Unblocking Chromium Embedded Framework On Wayland<br>Boot-Time Wizard Aims To Help Reduce Linux Boot Times<br>GitHub Copilot & Claude Code Helped With Graphics, WiFi Linux Driver Issues This Week
X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI
Phoronix Marking 22 Years Of Linux Hardware Coverage This Week
Intel Xeon Diamond Rapids EDAC Driver Changes Readied For Linux 7.2
Intel Preparing WiFi 8 "UHR" Support For Their IWLWIFI Linux Driver
Linux 7.2 Proceeding To Deprecate AF_ALG Due To "Massive Attack Surface", Drops Offloading
Some Elements Of Intel APX Not Proving Beneficial On Nova Lake / Diamond Rapids
NBD-VRAM Provides Swap Space On Your NVIDIA GeForce GPUs
NVIDIA Announces RTX Spark Superchip For Laptops & Desktops
AI-Driven Security Disclosures, NVIDIA Vera & Linux 7.1 Features That Made An Exciting May
Dell Uses Intel Wildcat Lake To Deliver Their Cheapest XPS 13 Ever
Linux 7.1-rc6 Released Following Another "Larger-Than-I'd-Wish-For Size" Week
KDE Linux Prunes Its Insecure & Unused Software
Phoronix Premium allows ad-free access to the site, multi-page articles on a single page, and other features while supporting this site's continued operations.
AMD Radeon RX 9070 GRE Linux Performance
Intel Xeon 6+ & Intel Ethernet E835 Launch
AMD Announces Radeon RX 9070 GRE, Ryzen AI Max PRO 400 Series
CachyOS Delivers Lead Over Arch Linux, Pop!_OS & Ubuntu On System76 Thelio Major
Cache Aware Scheduling Shows Nice Wins For AMD Zen 5 On PostgreSQL, Valkey, Network...