CVE-2026-34002
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:24.1.5-6.el10_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | 0:1.1.0-25.el6_10.16 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.20.4-34.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:1.8.0-36.el7_9.4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.20.10-4.el8_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:1.11.0-8.el8_4.15 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | 0:1.12.0-6.el8_6.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:21.1.3-2.el8_6.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:1.20.11-7.el8_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:21.1.3-13.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.20.11-18.el8_8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:1.12.0-15.el8_8.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:21.1.3-5.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.20.11-13.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:1.11.0-22.el9_0.17 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:21.1.3-10.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.20.11-20.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:1.12.0-14.el9_2.14 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.20.11-28.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:22.1.9-8.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.13.1-8.el9_4.9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.20.11-33.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:23.2.7-6.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:1.14.1-10.el9_6 < * | unaffected |
Weaknesses
- CWE-805: Buffer Access with Incorrect Length Value
Workarounds
To mitigate this vulnerability, restrict access to the X11 server. If the X.Org X server is not required on a system, consider disabling or uninstalling it. For systems where the X server is necessary, ensure that access is limited to trusted users and networks. This can involve configuring xhost or implementing firewall rules to restrict connections to the X server. Any changes to X server configuration or service status may require a restart of the X server for the mitigation to take effect, which will impact active graphical sessions.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:20547
- https://access.redhat.com/errata/RHSA-2026:20555
- https://access.redhat.com/errata/RHSA-2026:20557
- https://access.redhat.com/errata/RHSA-2026:20558
- https://access.redhat.com/errata/RHSA-2026:20560
- https://access.redhat.com/errata/RHSA-2026:20561
- https://access.redhat.com/errata/RHSA-2026:20562
- https://access.redhat.com/errata/RHSA-2026:20563
- https://access.redhat.com/errata/RHSA-2026:20575
- https://access.redhat.com/errata/RHSA-2026:20576
- https://access.redhat.com/errata/RHSA-2026:20590
- https://access.redhat.com/errata/RHSA-2026:21699
- https://access.redhat.com/errata/RHSA-2026:21712
- https://access.redhat.com/errata/RHSA-2026:21715
- https://access.redhat.com/errata/RHSA-2026:21716
- https://access.redhat.com/errata/RHSA-2026:21718
- https://access.redhat.com/errata/RHSA-2026:21741
- https://access.redhat.com/errata/RHSA-2026:21742
- https://access.redhat.com/errata/RHSA-2026:22424
- https://access.redhat.com/errata/RHSA-2026:22456
- https://access.redhat.com/errata/RHSA-2026:23254
- https://access.redhat.com/errata/RHSA-2026:23255
- https://access.redhat.com/errata/RHSA-2026:23496
- https://access.redhat.com/errata/RHSA-2026:24341
- https://access.redhat.com/security/cve/CVE-2026-34002
- https://bugzilla.redhat.com/show_bug.cgi?id=2451112
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.