LIVE · cybersecurity feed

information disclosure

zeroday.news · 14d ago·high

ZDI-26-397: X.Org Server CreateSaverWindow Use-After-Free Information Disclosure Vulnerability

A local privilege escalation vulnerability has been discovered in X.Org Server, specifically within the handling of ScreenSaverScreenPrivateRec objects. This flaw allows attackers with low-privileged access to disclose sensitive information and potentially execute arbitrary code as root by exploiting the server's failure to validate object existence before operations. An update has been released to address this issue.