{ "threat_severity" : "Moderate", "public_date" : "2026-05-05T14:01:15Z", "bugzilla" : { "description" : "xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.", "id" : "2451107", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2451107" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status" : "draft" }, "cwe" : "CWE-125", "details" : [ "A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server." ], "statement" : "This out-of-bounds read vulnerability in the X.Org X server's XKB geometry processing could allow an attacker to leak memory contents or cause a denial of service. Exploitation requires an attacker to establish a connection to the X11 server, either locally or through forwarded remote sessions. Red Hat Enterprise Linux systems with a graphical environment enabled are potentially affected.", "acknowledgement" : "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "xorg-x11-server-Xwayland", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Affected", "package_name" : "tigervnc", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "xorg-x11-server", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "tigervnc", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "xorg-x11-server", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "tigervnc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "xorg-x11-server", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "xorg-x11-server-Xwayland", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "tigervnc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "xorg-x11-server", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "xorg-x11-server-Xwayland", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-34000\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34000" ], "name" : "CVE-2026-34000", "mitigation" : { "value" : "To mitigate this vulnerability, restrict access to the X11 server. On systems where a graphical environment is not required, consider disabling the X server entirely by setting the default system target to multi-user mode. For systems requiring the X server, ensure that X11 forwarding is disabled in SSH configurations if not explicitly needed, and restrict direct X11 connections to trusted users and networks through firewall rules. If changes are made to SSH configuration, the `sshd` service must be restarted. If the default system target is changed, a system reboot is required.", "lang" : "en:us" }, "csaw" : false }