CVE-2026-34000
MEDIUMX.Org X Server Xwayland - XKB Geometry Out-of-Bounds Read
Title source: manualDescription
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
References (27)
Core 27
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20547
https://access.redhat.com/errata/RHSA-2026:20547
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20555
https://access.redhat.com/errata/RHSA-2026:20555
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20557
https://access.redhat.com/errata/RHSA-2026:20557
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20558
https://access.redhat.com/errata/RHSA-2026:20558
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20560
https://access.redhat.com/errata/RHSA-2026:20560
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20561
https://access.redhat.com/errata/RHSA-2026:20561
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20562
https://access.redhat.com/errata/RHSA-2026:20562
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20563
https://access.redhat.com/errata/RHSA-2026:20563
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20575
https://access.redhat.com/errata/RHSA-2026:20575
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20576
https://access.redhat.com/errata/RHSA-2026:20576
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20590
https://access.redhat.com/errata/RHSA-2026:20590
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21699
https://access.redhat.com/errata/RHSA-2026:21699
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21712
https://access.redhat.com/errata/RHSA-2026:21712
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21715
https://access.redhat.com/errata/RHSA-2026:21715
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21716
https://access.redhat.com/errata/RHSA-2026:21716
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21718
https://access.redhat.com/errata/RHSA-2026:21718
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21741
https://access.redhat.com/errata/RHSA-2026:21741
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21742
https://access.redhat.com/errata/RHSA-2026:21742
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22424
https://access.redhat.com/errata/RHSA-2026:22424
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22456
https://access.redhat.com/errata/RHSA-2026:22456
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:23254
https://access.redhat.com/errata/RHSA-2026:23254
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:23255
https://access.redhat.com/errata/RHSA-2026:23255
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:23496
https://access.redhat.com/errata/RHSA-2026:23496
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:24341
https://access.redhat.com/errata/RHSA-2026:24341
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-34000
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2451107
https://bugzilla.redhat.com/show_bug.cgi?id=2451107
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19342
https://access.redhat.com/errata/RHSA-2026:19342
Scores
CVSS v3
6.1
EPSS
0.0049
EPSS Percentile
38.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (46)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:24.1.5-6.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
0:1.1.0-25.el6_10.16
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support
0:1.20.4-34.el7_9
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support
0:1.8.0-36.el7_9.4
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.11.0-8.el8_4.15
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.20.10-4.el8_4
... and 36 more
Published
May 05, 2026
Tracked Since
May 05, 2026