CVE-2026-34002

Summary

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:24.1.5-6.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION0:1.1.0-25.el6_10.16 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.20.4-34.el7_9 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.8.0-36.el7_9.4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.20.10-4.el8_4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.11.0-8.el8_4.15 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:1.12.0-6.el8_6.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:21.1.3-2.el8_6.6 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:1.20.11-7.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:21.1.3-13.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.20.11-18.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.12.0-15.el8_8.17 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:21.1.3-5.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.20.11-13.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.11.0-22.el9_0.17 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:21.1.3-10.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.20.11-20.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.12.0-14.el9_2.14 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.20.11-28.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:22.1.9-8.el9_4 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.13.1-8.el9_4.9 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.20.11-33.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:23.2.7-6.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:1.14.1-10.el9_6 < *unaffected

Weaknesses

  • CWE-805: Buffer Access with Incorrect Length Value

Workarounds

To mitigate this vulnerability, restrict access to the X11 server. If the X.Org X server is not required on a system, consider disabling or uninstalling it. For systems where the X server is necessary, ensure that access is limited to trusted users and networks. This can involve configuring xhost or implementing firewall rules to restrict connections to the X server. Any changes to X server configuration or service status may require a restart of the X server for the mitigation to take effect, which will impact active graphical sessions.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References