Out-of-Bounds Read Vulnerability in X.Org X Server by Red Hat
CVE-2026-34000

6.1MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor
CVE Published:
5 May 2026

What is CVE-2026-34000?

A flaw has been identified in the X.Org X server related to out-of-bounds reading, specifically affecting the XKB geometry processing functions, CheckSetGeom() and XkbAddGeomKeyAlias. This vulnerability allows an attacker with access to the X11 server, either locally or remotely, to exploit the flaw without requiring user interaction. Successful exploitation can lead to the disclosure of sensitive memory contents, or potentially result in a denial of service through server crashes.

Affected Version(s)

Red Hat Enterprise Linux 10.0 Extended Update Support 0:24.1.5-6.el10_0

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.16

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-34.el7_9

References

https://access.redhat.com/errata/RHSA-2026:19342
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20547
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20555
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.
.