Bug 2451112 (CVE-2026-34002) - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling
Summary: CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Deni...
Keywords:
Status: NEW
Alias: CVE-2026-34002
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2476412 2476413 2476414
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 07:10 UTC by OSIDB Bzimport
Modified: 2026-06-08 02:03 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:20547 0 None None None 2026-05-26 03:03:52 UTC
Red Hat Product Errata RHSA-2026:20555 0 None None None 2026-05-26 04:59:02 UTC
Red Hat Product Errata RHSA-2026:20557 0 None None None 2026-05-26 02:48:52 UTC
Red Hat Product Errata RHSA-2026:20558 0 None None None 2026-05-26 03:50:30 UTC
Red Hat Product Errata RHSA-2026:20560 0 None None None 2026-05-26 03:04:21 UTC
Red Hat Product Errata RHSA-2026:20561 0 None None None 2026-05-26 03:43:24 UTC
Red Hat Product Errata RHSA-2026:20562 0 None None None 2026-05-26 01:57:02 UTC
Red Hat Product Errata RHSA-2026:20563 0 None None None 2026-05-26 03:18:16 UTC
Red Hat Product Errata RHSA-2026:20575 0 None None None 2026-05-26 04:00:41 UTC
Red Hat Product Errata RHSA-2026:20576 0 None None None 2026-05-26 04:55:32 UTC
Red Hat Product Errata RHSA-2026:20590 0 None None None 2026-05-26 04:31:06 UTC
Red Hat Product Errata RHSA-2026:21699 0 None None None 2026-05-28 07:49:18 UTC
Red Hat Product Errata RHSA-2026:21712 0 None None None 2026-05-28 09:33:27 UTC
Red Hat Product Errata RHSA-2026:21715 0 None None None 2026-05-28 09:37:54 UTC
Red Hat Product Errata RHSA-2026:21716 0 None None None 2026-05-28 09:44:10 UTC
Red Hat Product Errata RHSA-2026:21718 0 None None None 2026-05-28 09:55:39 UTC
Red Hat Product Errata RHSA-2026:21741 0 None None None 2026-05-28 11:38:20 UTC
Red Hat Product Errata RHSA-2026:21742 0 None None None 2026-05-28 12:02:36 UTC
Red Hat Product Errata RHSA-2026:22424 0 None None None 2026-06-02 08:16:55 UTC
Red Hat Product Errata RHSA-2026:22456 0 None None None 2026-06-02 16:05:16 UTC
Red Hat Product Errata RHSA-2026:23254 0 None None None 2026-06-04 11:12:55 UTC
Red Hat Product Errata RHSA-2026:23255 0 None None None 2026-06-04 11:24:30 UTC
Red Hat Product Errata RHSA-2026:23496 0 None None None 2026-06-04 22:07:47 UTC
Red Hat Product Errata RHSA-2026:24341 0 None None None 2026-06-08 02:03:55 UTC

Description OSIDB Bzimport 2026-03-25 07:10:36 UTC 
Out-of-bounds Read vulnerability in the XKB modifier map request handling of the X.Org X server. The function CheckModifierMap() processes wire data in a loop but does not sufficiently verify that the remaining bytes are within the bounds of the client request. As a result, the total number of keys processed can exceed the actual data supplied by the client, causing reads of uninitialized memory beyond the request buffer. An attacker with access to the X11 server can trigger this without user interaction, potentially disclosing memory and/or crashing the service.
Comment 1 errata-xmlrpc 2026-05-26 01:57:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:20562 https://access.redhat.com/errata/RHSA-2026:20562
Comment 2 errata-xmlrpc 2026-05-26 02:48:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20557 https://access.redhat.com/errata/RHSA-2026:20557
Comment 3 errata-xmlrpc 2026-05-26 03:03:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20547 https://access.redhat.com/errata/RHSA-2026:20547
Comment 4 errata-xmlrpc 2026-05-26 03:04:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20560 https://access.redhat.com/errata/RHSA-2026:20560
Comment 5 errata-xmlrpc 2026-05-26 03:18:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:20563 https://access.redhat.com/errata/RHSA-2026:20563
Comment 6 errata-xmlrpc 2026-05-26 03:43:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20561 https://access.redhat.com/errata/RHSA-2026:20561
Comment 7 errata-xmlrpc 2026-05-26 03:50:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:20558 https://access.redhat.com/errata/RHSA-2026:20558
Comment 8 errata-xmlrpc 2026-05-26 04:00:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20575 https://access.redhat.com/errata/RHSA-2026:20575
Comment 9 errata-xmlrpc 2026-05-26 04:31:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:20590 https://access.redhat.com/errata/RHSA-2026:20590
Comment 10 errata-xmlrpc 2026-05-26 04:55:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:20576 https://access.redhat.com/errata/RHSA-2026:20576
Comment 11 errata-xmlrpc 2026-05-26 04:59:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:20555 https://access.redhat.com/errata/RHSA-2026:20555
Comment 12 errata-xmlrpc 2026-05-28 07:49:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21699 https://access.redhat.com/errata/RHSA-2026:21699
Comment 13 errata-xmlrpc 2026-05-28 09:33:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21712 https://access.redhat.com/errata/RHSA-2026:21712
Comment 14 errata-xmlrpc 2026-05-28 09:37:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:21715 https://access.redhat.com/errata/RHSA-2026:21715
Comment 15 errata-xmlrpc 2026-05-28 09:44:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21716 https://access.redhat.com/errata/RHSA-2026:21716
Comment 16 errata-xmlrpc 2026-05-28 09:55:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:21718 https://access.redhat.com/errata/RHSA-2026:21718
Comment 17 errata-xmlrpc 2026-05-28 11:38:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:21741 https://access.redhat.com/errata/RHSA-2026:21741
Comment 18 errata-xmlrpc 2026-05-28 12:02:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:21742 https://access.redhat.com/errata/RHSA-2026:21742
Comment 19 errata-xmlrpc 2026-06-02 08:16:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:22424 https://access.redhat.com/errata/RHSA-2026:22424
Comment 20 errata-xmlrpc 2026-06-02 16:05:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:22456 https://access.redhat.com/errata/RHSA-2026:22456
Comment 21 errata-xmlrpc 2026-06-04 11:12:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:23254 https://access.redhat.com/errata/RHSA-2026:23254
Comment 22 errata-xmlrpc 2026-06-04 11:24:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:23255 https://access.redhat.com/errata/RHSA-2026:23255
Comment 23 errata-xmlrpc 2026-06-04 22:07:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2026:23496 https://access.redhat.com/errata/RHSA-2026:23496
Comment 24 errata-xmlrpc 2026-06-08 02:03:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:24341 https://access.redhat.com/errata/RHSA-2026:24341
Note You need to log in before you can comment on or make changes to this bug.