Out-of-Bounds Read Vulnerability in X.Org X Server Affecting Red Hat
CVE-2026-34002

6.1MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor
CVE Published:
5 May 2026

What is CVE-2026-34002?

A flaw has been identified in the X.Org X server that pertains to its handling of the XKB (X Keyboard Extension) modifier map. This out-of-bounds read vulnerability allows an attacker with access to the X11 server to exploit the system by sending a specially crafted request. Such an exploit can lead to the server reading beyond its intended memory limits, which can expose sensitive information or potentially crash the server, causing a denial of service. It is essential for users to ensure their systems are updated to mitigate any risks associated with this vulnerability.

Affected Version(s)

Red Hat Enterprise Linux 10.0 Extended Update Support 0:24.1.5-6.el10_0

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.16

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-34.el7_9

References

https://access.redhat.com/errata/RHSA-2026:20547
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20555
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20557
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.
.