CVE-2026-34000

MEDIUM

X.Org X Server Xwayland - XKB Geometry Out-of-Bounds Read

Title source: manual
STIX 2.1

Description

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.

References (27)

Core 27
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20547
https://access.redhat.com/errata/RHSA-2026:20547
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20555
https://access.redhat.com/errata/RHSA-2026:20555
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20557
https://access.redhat.com/errata/RHSA-2026:20557
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20558
https://access.redhat.com/errata/RHSA-2026:20558
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20560
https://access.redhat.com/errata/RHSA-2026:20560
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20561
https://access.redhat.com/errata/RHSA-2026:20561
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20562
https://access.redhat.com/errata/RHSA-2026:20562
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20563
https://access.redhat.com/errata/RHSA-2026:20563
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20575
https://access.redhat.com/errata/RHSA-2026:20575
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20576
https://access.redhat.com/errata/RHSA-2026:20576
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:20590
https://access.redhat.com/errata/RHSA-2026:20590
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21699
https://access.redhat.com/errata/RHSA-2026:21699
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21712
https://access.redhat.com/errata/RHSA-2026:21712
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21715
https://access.redhat.com/errata/RHSA-2026:21715
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21716
https://access.redhat.com/errata/RHSA-2026:21716
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21718
https://access.redhat.com/errata/RHSA-2026:21718
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21741
https://access.redhat.com/errata/RHSA-2026:21741
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:21742
https://access.redhat.com/errata/RHSA-2026:21742
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:22424
https://access.redhat.com/errata/RHSA-2026:22424
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:22456
https://access.redhat.com/errata/RHSA-2026:22456
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:23254
https://access.redhat.com/errata/RHSA-2026:23254
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:23255
https://access.redhat.com/errata/RHSA-2026:23255
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:23496
https://access.redhat.com/errata/RHSA-2026:23496
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:24341
https://access.redhat.com/errata/RHSA-2026:24341
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-34000
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2451107
https://bugzilla.redhat.com/show_bug.cgi?id=2451107
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19342
https://access.redhat.com/errata/RHSA-2026:19342

Scores

CVSS v3 6.1
EPSS 0.0049
EPSS Percentile 38.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (46)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support 0:24.1.5-6.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.16
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-34.el7_9
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.8.0-36.el7_9.4
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:1.11.0-8.el8_4.15
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:1.20.10-4.el8_4
... and 36 more
Published May 05, 2026
Tracked Since May 05, 2026