Bug 2451109 (CVE-2026-34001) - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
Summary: CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability l...
Keywords:
Status: NEW
Alias: CVE-2026-34001
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2476958 2476960 2476961
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 07:00 UTC by OSIDB Bzimport
Modified: 2026-06-08 02:03 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:10739 0 None None None 2026-04-27 08:29:52 UTC
Red Hat Product Errata RHSA-2026:11352 0 None None None 2026-04-28 11:21:05 UTC
Red Hat Product Errata RHSA-2026:11369 0 None None None 2026-04-28 14:53:17 UTC
Red Hat Product Errata RHSA-2026:11388 0 None None None 2026-04-28 17:58:04 UTC
Red Hat Product Errata RHSA-2026:11656 0 None None None 2026-04-29 12:01:25 UTC
Red Hat Product Errata RHSA-2026:11692 0 None None None 2026-04-29 13:07:52 UTC
Red Hat Product Errata RHSA-2026:13414 0 None None None 2026-05-04 12:29:10 UTC
Red Hat Product Errata RHSA-2026:19125 0 None None None 2026-05-19 16:05:08 UTC
Red Hat Product Errata RHSA-2026:19342 0 None None None 2026-05-19 21:37:02 UTC
Red Hat Product Errata RHSA-2026:19343 0 None None None 2026-05-19 21:37:07 UTC
Red Hat Product Errata RHSA-2026:19344 0 None None None 2026-05-19 21:36:59 UTC
Red Hat Product Errata RHSA-2026:20547 0 None None None 2026-05-26 03:03:51 UTC
Red Hat Product Errata RHSA-2026:20555 0 None None None 2026-05-26 04:59:00 UTC
Red Hat Product Errata RHSA-2026:20557 0 None None None 2026-05-26 02:48:51 UTC
Red Hat Product Errata RHSA-2026:20558 0 None None None 2026-05-26 03:50:31 UTC
Red Hat Product Errata RHSA-2026:20560 0 None None None 2026-05-26 03:04:19 UTC
Red Hat Product Errata RHSA-2026:20561 0 None None None 2026-05-26 03:43:22 UTC
Red Hat Product Errata RHSA-2026:20562 0 None None None 2026-05-26 01:57:01 UTC
Red Hat Product Errata RHSA-2026:20563 0 None None None 2026-05-26 03:18:13 UTC
Red Hat Product Errata RHSA-2026:20575 0 None None None 2026-05-26 04:00:39 UTC
Red Hat Product Errata RHSA-2026:20576 0 None None None 2026-05-26 04:55:32 UTC
Red Hat Product Errata RHSA-2026:20590 0 None None None 2026-05-26 04:31:03 UTC
Red Hat Product Errata RHSA-2026:21699 0 None None None 2026-05-28 07:49:15 UTC
Red Hat Product Errata RHSA-2026:21712 0 None None None 2026-05-28 09:33:26 UTC
Red Hat Product Errata RHSA-2026:21715 0 None None None 2026-05-28 09:37:51 UTC
Red Hat Product Errata RHSA-2026:21716 0 None None None 2026-05-28 09:44:08 UTC
Red Hat Product Errata RHSA-2026:21718 0 None None None 2026-05-28 09:55:36 UTC
Red Hat Product Errata RHSA-2026:21741 0 None None None 2026-05-28 11:38:20 UTC
Red Hat Product Errata RHSA-2026:21742 0 None None None 2026-05-28 12:02:33 UTC
Red Hat Product Errata RHSA-2026:22424 0 None None None 2026-06-02 08:16:57 UTC
Red Hat Product Errata RHSA-2026:22456 0 None None None 2026-06-02 16:05:16 UTC
Red Hat Product Errata RHSA-2026:23254 0 None None None 2026-06-04 11:12:52 UTC
Red Hat Product Errata RHSA-2026:23255 0 None None None 2026-06-04 11:24:28 UTC
Red Hat Product Errata RHSA-2026:23496 0 None None None 2026-06-04 22:07:47 UTC
Red Hat Product Errata RHSA-2026:24341 0 None None None 2026-06-08 02:03:55 UTC

Description OSIDB Bzimport 2026-03-25 07:00:31 UTC 
Use-after-free vulnerability in the XSYNC fence triggering logic of the X.Org X server. The flaw occurs in miSyncTriggerFence() while walking the list of fences to trigger: calling TriggerFence() for the current entry can invoke SyncAwaitTriggerFired(), which frees the entire await resource. This free operation removes all triggers from the await object, including subsequent list entries that miSyncTriggerFence() may still attempt to process, resulting in a use-after-free. An attacker with access to the X11 server can trigger the bug without user interaction, potentially crashing the server and, in some configurations, enabling memory corruption with higher impact.
Comment 4 errata-xmlrpc 2026-04-27 08:29:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10739 https://access.redhat.com/errata/RHSA-2026:10739
Comment 5 errata-xmlrpc 2026-04-28 11:21:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:11352 https://access.redhat.com/errata/RHSA-2026:11352
Comment 6 errata-xmlrpc 2026-04-28 14:53:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11369 https://access.redhat.com/errata/RHSA-2026:11369
Comment 7 errata-xmlrpc 2026-04-28 17:58:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:11388 https://access.redhat.com/errata/RHSA-2026:11388
Comment 8 errata-xmlrpc 2026-04-29 12:01:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11656 https://access.redhat.com/errata/RHSA-2026:11656
Comment 9 errata-xmlrpc 2026-04-29 13:07:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11692 https://access.redhat.com/errata/RHSA-2026:11692
Comment 10 errata-xmlrpc 2026-05-04 12:29:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13414 https://access.redhat.com/errata/RHSA-2026:13414
Comment 11 errata-xmlrpc 2026-05-19 16:05:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19125 https://access.redhat.com/errata/RHSA-2026:19125
Comment 12 errata-xmlrpc 2026-05-19 21:36:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19344 https://access.redhat.com/errata/RHSA-2026:19344
Comment 13 errata-xmlrpc 2026-05-19 21:37:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19342 https://access.redhat.com/errata/RHSA-2026:19342
Comment 14 errata-xmlrpc 2026-05-19 21:37:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19343 https://access.redhat.com/errata/RHSA-2026:19343
Comment 15 errata-xmlrpc 2026-05-26 01:57:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:20562 https://access.redhat.com/errata/RHSA-2026:20562
Comment 16 errata-xmlrpc 2026-05-26 02:48:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20557 https://access.redhat.com/errata/RHSA-2026:20557
Comment 17 errata-xmlrpc 2026-05-26 03:03:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20547 https://access.redhat.com/errata/RHSA-2026:20547
Comment 18 errata-xmlrpc 2026-05-26 03:04:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20560 https://access.redhat.com/errata/RHSA-2026:20560
Comment 19 errata-xmlrpc 2026-05-26 03:18:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20563 https://access.redhat.com/errata/RHSA-2026:20563
Comment 20 errata-xmlrpc 2026-05-26 03:43:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20561 https://access.redhat.com/errata/RHSA-2026:20561
Comment 21 errata-xmlrpc 2026-05-26 03:50:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20558 https://access.redhat.com/errata/RHSA-2026:20558
Comment 22 errata-xmlrpc 2026-05-26 04:00:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20575 https://access.redhat.com/errata/RHSA-2026:20575
Comment 23 errata-xmlrpc 2026-05-26 04:31:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:20590 https://access.redhat.com/errata/RHSA-2026:20590
Comment 24 errata-xmlrpc 2026-05-26 04:55:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20576 https://access.redhat.com/errata/RHSA-2026:20576
Comment 25 errata-xmlrpc 2026-05-26 04:58:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20555 https://access.redhat.com/errata/RHSA-2026:20555
Comment 26 errata-xmlrpc 2026-05-28 07:49:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21699 https://access.redhat.com/errata/RHSA-2026:21699
Comment 27 errata-xmlrpc 2026-05-28 09:33:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21712 https://access.redhat.com/errata/RHSA-2026:21712
Comment 28 errata-xmlrpc 2026-05-28 09:37:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:21715 https://access.redhat.com/errata/RHSA-2026:21715
Comment 29 errata-xmlrpc 2026-05-28 09:44:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21716 https://access.redhat.com/errata/RHSA-2026:21716
Comment 30 errata-xmlrpc 2026-05-28 09:55:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21718 https://access.redhat.com/errata/RHSA-2026:21718
Comment 31 errata-xmlrpc 2026-05-28 11:38:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21741 https://access.redhat.com/errata/RHSA-2026:21741
Comment 32 errata-xmlrpc 2026-05-28 12:02:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21742 https://access.redhat.com/errata/RHSA-2026:21742
Comment 33 errata-xmlrpc 2026-06-02 08:16:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22424 https://access.redhat.com/errata/RHSA-2026:22424
Comment 34 errata-xmlrpc 2026-06-02 16:05:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:22456 https://access.redhat.com/errata/RHSA-2026:22456
Comment 35 errata-xmlrpc 2026-06-04 11:12:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:23254 https://access.redhat.com/errata/RHSA-2026:23254
Comment 36 errata-xmlrpc 2026-06-04 11:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:23255 https://access.redhat.com/errata/RHSA-2026:23255
Comment 37 errata-xmlrpc 2026-06-04 22:07:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2026:23496 https://access.redhat.com/errata/RHSA-2026:23496
Comment 38 errata-xmlrpc 2026-06-08 02:03:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:24341 https://access.redhat.com/errata/RHSA-2026:24341
Note You need to log in before you can comment on or make changes to this bug.