CVE-2026-33999

Summary

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:24.1.5-6.el10_1 < *unaffected
Red HatRed Hat Enterprise Linux 100:24.1.9-4.el10_2 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:24.1.5-6.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION0:1.1.0-25.el6_10.16 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.20.4-34.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.8.0-36.el7_9.4 < *unaffected
Red HatRed Hat Enterprise Linux 80:21.1.3-20.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.20.11-28.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.15.0-9.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.15.0-6.el9_7.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:23.2.7-6.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.20.11-33.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.15.0-7.el9_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.20.11-34.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:24.1.9-4.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:21.1.3-5.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.20.11-13.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.11.0-22.el9_0.17 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:21.1.3-10.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.20.11-20.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.12.0-14.el9_2.14 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.20.11-28.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:22.1.9-8.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.13.1-8.el9_4.9 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.20.11-33.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:23.2.7-6.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.14.1-10.el9_6 < *unaffected

Weaknesses

  • CWE-191: Integer Underflow (Wrap or Wraparound)

Workarounds

To mitigate this issue, restrict access to the X11 server. For remote access, disable X11 forwarding in SSH configurations if not required. Edit /etc/ssh/sshd_config and set X11Forwarding no. After modifying the configuration, restart the sshd service using systemctl restart sshd. Disabling X11 forwarding may impact remote graphical applications.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

Additional References

References