CVE-2026-34001

Summary

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:24.1.5-6.el10_1 < *unaffected
Red HatRed Hat Enterprise Linux 100:24.1.9-4.el10_2 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:24.1.5-6.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION0:1.1.0-25.el6_10.16 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.20.4-34.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.8.0-36.el7_9.4 < *unaffected
Red HatRed Hat Enterprise Linux 80:21.1.3-20.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.20.11-28.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.15.0-9.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.15.0-6.el9_7.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:23.2.7-6.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.20.11-33.el9_7 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.15.0-7.el9_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.20.11-34.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:24.1.9-4.el9_8 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:21.1.3-5.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.20.11-13.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.11.0-22.el9_0.17 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:21.1.3-10.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.20.11-20.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.12.0-14.el9_2.14 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.20.11-28.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:22.1.9-8.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.13.1-8.el9_4.9 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.20.11-33.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:23.2.7-6.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.14.1-10.el9_6 < *unaffected

Weaknesses

  • CWE-825: Expired Pointer Dereference

Workarounds

To mitigate this issue, restrict access to the X11 server to trusted users and networks. If the X.Org X server is not required, consider disabling or uninstalling it. For environments where the X server is essential, running X applications within a sandboxed environment can help reduce the attack surface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

Additional References

References