CVE-2026-33999
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:24.1.5-6.el10_1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 10 | 0:24.1.9-4.el10_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:24.1.5-6.el10_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | 0:1.1.0-25.el6_10.16 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.20.4-34.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.8.0-36.el7_9.4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:21.1.3-20.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:1.20.11-28.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:1.15.0-9.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.15.0-6.el9_7.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:23.2.7-6.el9_7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.20.11-33.el9_7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.15.0-7.el9_8.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.20.11-34.el9_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:24.1.9-4.el9_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:21.1.3-5.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.20.11-13.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.11.0-22.el9_0.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:21.1.3-10.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.20.11-20.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.12.0-14.el9_2.14 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.20.11-28.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:22.1.9-8.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.13.1-8.el9_4.9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.20.11-33.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:23.2.7-6.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.14.1-10.el9_6 < * | unaffected |
Weaknesses
- CWE-191: Integer Underflow (Wrap or Wraparound)
Workarounds
To mitigate this issue, restrict access to the X11 server. For remote access, disable X11 forwarding in SSH configurations if not required. Edit /etc/ssh/sshd_config and set X11Forwarding no. After modifying the configuration, restart the sshd service using systemctl restart sshd. Disabling X11 forwarding may impact remote graphical applications.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
Additional References
- https://access.redhat.com/security/cve/CVE-2026-33999
- https://bugzilla.redhat.com/show_bug.cgi?id=2451106
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33999.json
- https://access.redhat.com/errata/RHSA-2026:23496
- https://access.redhat.com/errata/RHSA-2026:22456
- https://access.redhat.com/errata/RHSA-2026:20590
- https://access.redhat.com/errata/RHSA-2026:20563
- https://access.redhat.com/errata/RHSA-2026:11352
- https://access.redhat.com/errata/RHSA-2026:19125
- https://access.redhat.com/errata/RHSA-2026:13414
- https://access.redhat.com/errata/RHSA-2026:11692
- https://access.redhat.com/errata/RHSA-2026:11656
- https://access.redhat.com/errata/RHSA-2026:23254
- https://access.redhat.com/errata/RHSA-2026:21715
- https://access.redhat.com/errata/RHSA-2026:24341
- https://access.redhat.com/errata/RHSA-2026:21718
- https://access.redhat.com/errata/RHSA-2026:21716
- https://access.redhat.com/errata/RHSA-2026:23255
- https://access.redhat.com/errata/RHSA-2026:21742
- https://access.redhat.com/errata/RHSA-2026:21712
- https://access.redhat.com/errata/RHSA-2026:21741
- https://access.redhat.com/errata/RHSA-2026:21699
- https://access.redhat.com/errata/RHSA-2026:20562
- https://access.redhat.com/errata/RHSA-2026:20576
- https://access.redhat.com/errata/RHSA-2026:20557
- https://access.redhat.com/errata/RHSA-2026:20547
- https://access.redhat.com/errata/RHSA-2026:20575
- https://access.redhat.com/errata/RHSA-2026:20555
- https://access.redhat.com/errata/RHSA-2026:20560
- https://access.redhat.com/errata/RHSA-2026:22424
- https://access.redhat.com/errata/RHSA-2026:20558
- https://access.redhat.com/errata/RHSA-2026:20561
- https://access.redhat.com/errata/RHSA-2026:10739
- https://access.redhat.com/errata/RHSA-2026:11388
- https://access.redhat.com/errata/RHSA-2026:11369
- https://access.redhat.com/errata/RHSA-2026:19342
- https://access.redhat.com/errata/RHSA-2026:19343
- https://access.redhat.com/errata/RHSA-2026:19344
References
- https://access.redhat.com/errata/RHSA-2026:10739
- https://access.redhat.com/errata/RHSA-2026:11352
- https://access.redhat.com/errata/RHSA-2026:11369
- https://access.redhat.com/errata/RHSA-2026:11388
- https://access.redhat.com/errata/RHSA-2026:11656
- https://access.redhat.com/errata/RHSA-2026:11692
- https://access.redhat.com/errata/RHSA-2026:13414
- https://access.redhat.com/errata/RHSA-2026:19125
- https://access.redhat.com/errata/RHSA-2026:19342
- https://access.redhat.com/errata/RHSA-2026:19343
- https://access.redhat.com/errata/RHSA-2026:19344
- https://access.redhat.com/errata/RHSA-2026:20547
- https://access.redhat.com/errata/RHSA-2026:20555
- https://access.redhat.com/errata/RHSA-2026:20557
- https://access.redhat.com/errata/RHSA-2026:20558
- https://access.redhat.com/errata/RHSA-2026:20560
- https://access.redhat.com/errata/RHSA-2026:20561
- https://access.redhat.com/errata/RHSA-2026:20562
- https://access.redhat.com/errata/RHSA-2026:20563
- https://access.redhat.com/errata/RHSA-2026:20575
- https://access.redhat.com/errata/RHSA-2026:20576
- https://access.redhat.com/errata/RHSA-2026:20590
- https://access.redhat.com/errata/RHSA-2026:21699
- https://access.redhat.com/errata/RHSA-2026:21712
- https://access.redhat.com/errata/RHSA-2026:21715
- https://access.redhat.com/errata/RHSA-2026:21716
- https://access.redhat.com/errata/RHSA-2026:21718
- https://access.redhat.com/errata/RHSA-2026:21741
- https://access.redhat.com/errata/RHSA-2026:21742
- https://access.redhat.com/errata/RHSA-2026:22424
- https://access.redhat.com/errata/RHSA-2026:22456
- https://access.redhat.com/errata/RHSA-2026:23254
- https://access.redhat.com/errata/RHSA-2026:23255
- https://access.redhat.com/errata/RHSA-2026:23496
- https://access.redhat.com/errata/RHSA-2026:24341
- https://access.redhat.com/security/cve/CVE-2026-33999
- https://bugzilla.redhat.com/show_bug.cgi?id=2451106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.