Bug 2451107 (CVE-2026-34000) - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.
Summary: CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and den...
Keywords:
Status: NEW
Alias: CVE-2026-34000
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2476955
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 06:38 UTC by OSIDB Bzimport
Modified: 2026-06-08 02:03 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:19342 0 None None None 2026-05-19 21:36:59 UTC
Red Hat Product Errata RHSA-2026:20547 0 None None None 2026-05-26 03:03:50 UTC
Red Hat Product Errata RHSA-2026:20555 0 None None None 2026-05-26 04:58:59 UTC
Red Hat Product Errata RHSA-2026:20557 0 None None None 2026-05-26 02:48:49 UTC
Red Hat Product Errata RHSA-2026:20558 0 None None None 2026-05-26 03:50:33 UTC
Red Hat Product Errata RHSA-2026:20560 0 None None None 2026-05-26 03:04:18 UTC
Red Hat Product Errata RHSA-2026:20561 0 None None None 2026-05-26 03:43:22 UTC
Red Hat Product Errata RHSA-2026:20562 0 None None None 2026-05-26 01:57:01 UTC
Red Hat Product Errata RHSA-2026:20563 0 None None None 2026-05-26 03:18:13 UTC
Red Hat Product Errata RHSA-2026:20575 0 None None None 2026-05-26 04:00:39 UTC
Red Hat Product Errata RHSA-2026:20576 0 None None None 2026-05-26 04:55:30 UTC
Red Hat Product Errata RHSA-2026:20590 0 None None None 2026-05-26 04:31:02 UTC
Red Hat Product Errata RHSA-2026:21699 0 None None None 2026-05-28 07:49:15 UTC
Red Hat Product Errata RHSA-2026:21712 0 None None None 2026-05-28 09:33:26 UTC
Red Hat Product Errata RHSA-2026:21715 0 None None None 2026-05-28 09:37:51 UTC
Red Hat Product Errata RHSA-2026:21716 0 None None None 2026-05-28 09:44:08 UTC
Red Hat Product Errata RHSA-2026:21718 0 None None None 2026-05-28 09:55:37 UTC
Red Hat Product Errata RHSA-2026:21741 0 None None None 2026-05-28 11:38:20 UTC
Red Hat Product Errata RHSA-2026:21742 0 None None None 2026-05-28 12:02:33 UTC
Red Hat Product Errata RHSA-2026:22424 0 None None None 2026-06-02 08:16:58 UTC
Red Hat Product Errata RHSA-2026:22456 0 None None None 2026-06-02 16:05:14 UTC
Red Hat Product Errata RHSA-2026:23254 0 None None None 2026-06-04 11:12:53 UTC
Red Hat Product Errata RHSA-2026:23255 0 None None None 2026-06-04 11:24:28 UTC
Red Hat Product Errata RHSA-2026:23496 0 None None None 2026-06-04 22:07:44 UTC
Red Hat Product Errata RHSA-2026:24341 0 None None None 2026-06-08 02:03:54 UTC

Description OSIDB Bzimport 2026-03-25 06:38:07 UTC 
Out-of-bounds Read vulnerability in the XKB geometry processing of the X.Org X server. The issue is located in CheckSetGeom(), where bounds checking is performed using only the first key name of each alias entry (alias vs. real key name). Because the second name is not properly validated, XkbAddGeomKeyAlias may read uninitialized or out-of-bounds memory when processing a crafted request. An attacker who can connect to the X11 server (locally or via forwarded remote sessions) can trigger this without user interaction, potentially leaking memory contents and/or causing a crash.
Comment 4 errata-xmlrpc 2026-05-19 21:36:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19342 https://access.redhat.com/errata/RHSA-2026:19342
Comment 5 errata-xmlrpc 2026-05-26 01:57:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:20562 https://access.redhat.com/errata/RHSA-2026:20562
Comment 6 errata-xmlrpc 2026-05-26 02:48:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20557 https://access.redhat.com/errata/RHSA-2026:20557
Comment 7 errata-xmlrpc 2026-05-26 03:03:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20547 https://access.redhat.com/errata/RHSA-2026:20547
Comment 8 errata-xmlrpc 2026-05-26 03:04:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20560 https://access.redhat.com/errata/RHSA-2026:20560
Comment 9 errata-xmlrpc 2026-05-26 03:18:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20563 https://access.redhat.com/errata/RHSA-2026:20563
Comment 10 errata-xmlrpc 2026-05-26 03:43:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20561 https://access.redhat.com/errata/RHSA-2026:20561
Comment 11 errata-xmlrpc 2026-05-26 03:50:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20558 https://access.redhat.com/errata/RHSA-2026:20558
Comment 12 errata-xmlrpc 2026-05-26 04:00:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20575 https://access.redhat.com/errata/RHSA-2026:20575
Comment 13 errata-xmlrpc 2026-05-26 04:31:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:20590 https://access.redhat.com/errata/RHSA-2026:20590
Comment 14 errata-xmlrpc 2026-05-26 04:55:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20576 https://access.redhat.com/errata/RHSA-2026:20576
Comment 15 errata-xmlrpc 2026-05-26 04:58:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20555 https://access.redhat.com/errata/RHSA-2026:20555
Comment 16 errata-xmlrpc 2026-05-28 07:49:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21699 https://access.redhat.com/errata/RHSA-2026:21699
Comment 17 errata-xmlrpc 2026-05-28 09:33:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21712 https://access.redhat.com/errata/RHSA-2026:21712
Comment 18 errata-xmlrpc 2026-05-28 09:37:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:21715 https://access.redhat.com/errata/RHSA-2026:21715
Comment 19 errata-xmlrpc 2026-05-28 09:44:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21716 https://access.redhat.com/errata/RHSA-2026:21716
Comment 20 errata-xmlrpc 2026-05-28 09:55:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21718 https://access.redhat.com/errata/RHSA-2026:21718
Comment 21 errata-xmlrpc 2026-05-28 11:38:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21741 https://access.redhat.com/errata/RHSA-2026:21741
Comment 22 errata-xmlrpc 2026-05-28 12:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21742 https://access.redhat.com/errata/RHSA-2026:21742
Comment 23 errata-xmlrpc 2026-06-02 08:16:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22424 https://access.redhat.com/errata/RHSA-2026:22424
Comment 24 errata-xmlrpc 2026-06-02 16:05:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:22456 https://access.redhat.com/errata/RHSA-2026:22456
Comment 25 errata-xmlrpc 2026-06-04 11:12:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:23254 https://access.redhat.com/errata/RHSA-2026:23254
Comment 26 errata-xmlrpc 2026-06-04 11:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:23255 https://access.redhat.com/errata/RHSA-2026:23255
Comment 27 errata-xmlrpc 2026-06-04 22:07:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2026:23496 https://access.redhat.com/errata/RHSA-2026:23496
Comment 28 errata-xmlrpc 2026-06-08 02:03:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:24341 https://access.redhat.com/errata/RHSA-2026:24341
Note You need to log in before you can comment on or make changes to this bug.