2451107 – (CVE-2026-34000) CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

Bug 2451107 (CVE-2026-34000) - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

Summary: CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and den...

Keywords:
Status:	NEW
Alias:	CVE-2026-34000
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-25 06:38 UTC by OSIDB Bzimport
Modified:	2026-05-05 14:04 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-25 06:38:07 UTC

Out-of-bounds Read vulnerability in the XKB geometry processing of the X.Org X server. The issue is located in CheckSetGeom(), where bounds checking is performed using only the first key name of each alias entry (alias vs. real key name). Because the second name is not properly validated, XkbAddGeomKeyAlias may read uninitialized or out-of-bounds memory when processing a crafted request. An attacker who can connect to the X11 server (locally or via forwarded remote sessions) can trigger this without user interaction, potentially leaking memory contents and/or causing a crash.

Note You need to log in before you can comment on or make changes to this bug.