2451112 – (CVE-2026-34002) CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

Bug 2451112 (CVE-2026-34002) - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

Summary: CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Deni...

Keywords:
Status:	NEW
Alias:	CVE-2026-34002
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-25 07:10 UTC by OSIDB Bzimport
Modified:	2026-05-05 14:03 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-25 07:10:36 UTC

Out-of-bounds Read vulnerability in the XKB modifier map request handling of the X.Org X server. The function CheckModifierMap() processes wire data in a loop but does not sufficiently verify that the remaining bytes are within the bounds of the client request. As a result, the total number of keys processed can exceed the actual data supplied by the client, causing reads of uninitialized memory beyond the request buffer. An attacker with access to the X11 server can trigger this without user interaction, potentially disclosing memory and/or crashing the service.

Note You need to log in before you can comment on or make changes to this bug.