{"slug": "x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via", "title": "X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI", "summary": "Nine new security vulnerabilities have been discovered in the X.Org Server and XWayland component, with eight of them identified by Trend Micro's TrendAI Zero Day Initiative and the ninth by Red Hat developer Peter Hutterer. The flaws include stack-based buffer overflows, use-after-free issues, and out-of-bounds read/write vulnerabilities, marking the latest in a long-running series of security issues for the aging X.Org Server codebase.", "body_md": "# X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI\n\nThere are nine new security vulnerabilities impacting the X.Org Server as well as the XWayland component. Yep, more than a decade after X.Org Server security issues began coming to light with a security research\n\nThese latest security vulnerabilities were uncovered using AI... In particular, Trend Micro's TrendAI Zero Day Initiative. TrendAI found eight of the nine vulnerabilities made public today with longtime X.Org input developer Peter Hutterer of Red Hat discovering the ninth.\n\nThe latest X.Org Server codebase vulnerabilities include:\n\nMore details on today's security disclosures via the\n\n[acknowledging it's a disaster and \"it's worse than it looks\"](https://www.phoronix.com/news/MTU1NzA), it continues holding true.These latest security vulnerabilities were uncovered using AI... In particular, Trend Micro's TrendAI Zero Day Initiative. TrendAI found eight of the nine vulnerabilities made public today with longtime X.Org input developer Peter Hutterer of Red Hat discovering the ninth.\n\nThe latest X.Org Server codebase vulnerabilities include:\n\n* Font Alias Stack-based Buffer Overflow\n\n* XSYNC Use-After-Free in miSyncDestroyFence()\n\n* XKB Key Types Stack-based Buffer Overflow\n\n* XKB SetMap Request Stack-based Buffer Overflow\n\n* XSYNC Use-After-Free in FreeCounter()\n\n* XSYNC Use-After-Free in SyncChangeCounter()\n\n* GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write\n\n* CreateSaverWindow Use-After-Free Information Disclosure\n\n* DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write\n\nMore details on today's security disclosures via the", "url": "https://wpnews.pro/news/x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via", "canonical_source": "https://www.phoronix.com/news/X.Org-9-Vulnerabilities-AI", "published_at": "2026-06-02 00:34:17+00:00", "updated_at": "2026-06-02 20:57:01.097170+00:00", "lang": "en", "topics": ["ai-research", "ai-safety", "artificial-intelligence"], "entities": ["X.Org Server", "XWayland", "Trend Micro", "TrendAI", "Zero Day Initiative", "Peter Hutterer", "Red Hat"], "alternates": {"html": "https://wpnews.pro/news/x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via", "markdown": "https://wpnews.pro/news/x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via.md", "text": "https://wpnews.pro/news/x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via.txt", "jsonld": "https://wpnews.pro/news/x-org-server-starts-june-with-nine-new-security-vulnerabilities-discovered-via.jsonld"}}