CVE-2026-34000
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom() and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:24.1.5-6.el10_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | 0:1.1.0-25.el6_10.16 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.20.4-34.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.8.0-36.el7_9.4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.15.0-7.el9_8.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:21.1.3-5.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.20.11-13.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.11.0-22.el9_0.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:21.1.3-10.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.20.11-20.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.12.0-14.el9_2.14 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.20.11-28.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:22.1.9-8.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.13.1-8.el9_4.9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.20.11-33.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:23.2.7-6.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.14.1-10.el9_6 < * | unaffected |
Weaknesses
- CWE-125: Out-of-bounds Read
Workarounds
To mitigate this vulnerability, restrict access to the X11 server. On systems where a graphical environment is not required, consider disabling the X server entirely by setting the default system target to multi-user mode. For systems requiring the X server, ensure that X11 forwarding is disabled in SSH configurations if not explicitly needed, and restrict direct X11 connections to trusted users and networks through firewall rules. If changes are made to SSH configuration, the sshd service must be restarted. If the default system target is changed, a system reboot is required.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:19342
- https://access.redhat.com/errata/RHSA-2026:20547
- https://access.redhat.com/errata/RHSA-2026:20555
- https://access.redhat.com/errata/RHSA-2026:20557
- https://access.redhat.com/errata/RHSA-2026:20558
- https://access.redhat.com/errata/RHSA-2026:20560
- https://access.redhat.com/errata/RHSA-2026:20561
- https://access.redhat.com/errata/RHSA-2026:20562
- https://access.redhat.com/errata/RHSA-2026:20563
- https://access.redhat.com/errata/RHSA-2026:20575
- https://access.redhat.com/errata/RHSA-2026:20576
- https://access.redhat.com/errata/RHSA-2026:20590
- https://access.redhat.com/errata/RHSA-2026:21699
- https://access.redhat.com/errata/RHSA-2026:21712
- https://access.redhat.com/errata/RHSA-2026:21715
- https://access.redhat.com/errata/RHSA-2026:21716
- https://access.redhat.com/errata/RHSA-2026:21718
- https://access.redhat.com/errata/RHSA-2026:21741
- https://access.redhat.com/errata/RHSA-2026:21742
- https://access.redhat.com/errata/RHSA-2026:22424
- https://access.redhat.com/errata/RHSA-2026:22456
- https://access.redhat.com/errata/RHSA-2026:23254
- https://access.redhat.com/errata/RHSA-2026:23255
- https://access.redhat.com/errata/RHSA-2026:23496
- https://access.redhat.com/errata/RHSA-2026:24341
- https://access.redhat.com/security/cve/CVE-2026-34000
- https://bugzilla.redhat.com/show_bug.cgi?id=2451107
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.