Description
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
Published: 2026-04-23
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer read overrun in Xorg X server
Action: Apply Workaround
AI Analysis

Impact

An integer underflow occurs in the XKB compatibility map processing of the X.Org X server, which can cause a memory‑safety violation through a buffer read overrun. This flaw can lead to a denial‑of‑service condition or other severe impacts. The vulnerability does not provide direct remote code execution but allows an attacker with access to the X11 server—either locally or over a remote connection—to trigger the failure.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9 and 10 are affected, specifically the Xorg/X11 server component that implements the XKB compatibility maps. No other vendors or products are listed as impacted in the CNA data.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high severity. The EPSS indicator of less than 1% implies a very low likelihood of exploitation in the wild. The flaw is not catalogued in CISA KEV. Exploitation requires the attacker to gain access to the X11 server, which can be achieved locally or remotely via SSH X11 forwarding. Once an attacker can reach the XKB compatibility map handling code, they can trigger the integer underflow and consequent buffer read overrun to cause a service crash.

Generated by OpenCVE AI on April 28, 2026 at 07:35 UTC.

Remediation

Vendor Workaround

To mitigate this issue, restrict access to the X11 server. For remote access, disable X11 forwarding in SSH configurations if not required. Edit `/etc/ssh/sshd_config` and set `X11Forwarding no`. After modifying the configuration, restart the `sshd` service using `systemctl restart sshd`. Disabling X11 forwarding may impact remote graphical applications.


OpenCVE Recommended Actions

  • Restrict incoming connections to the X11 server by applying firewall rules or local access controls.
  • If the system uses SSH, disable X11 forwarding by setting `X11Forwarding no` in `/etc/ssh/sshd_config` and then restart the `sshd` service with `systemctl restart sshd`.
  • Continuously monitor Red Hat release notes and security advisories for an official fix and apply the patch as soon as it becomes available.
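The workaround above and in the list relies on sshd actually honouring the `X11Forwarding no` line. As an added example (not from the OpenCVE page or Red Hat's advisory), this POSIX shell function reports the value sshd will take from a given sshd_config file, mirroring two real traps: sshd keeps the first occurrence of a keyword, so a `no` appended below an earlier `yes` changes nothing, and directives inside a `Match` block are conditional. It assumes the file path is passed as `$1` and does not follow `Include` lines.

```shell
#!/bin/sh
# Added example, not part of the OpenCVE record: determine the effective
# X11Forwarding setting from one sshd_config file.
# Rules mirrored from sshd_config(5):
#   - the FIRST occurrence of a keyword wins; later duplicates are ignored
#   - "keyword value" and "keyword=value" forms are both accepted
#   - directives after a "Match" line are conditional, so scanning stops there
#   - the documented default when the keyword is absent is "no"
# Assumption: $1 is the config file; "Include" directives are not followed.

x11_forwarding_effective() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                   # skip comments, blanks
        { gsub(/[[:space:]]*=[[:space:]]*/, " ") }      # normalise "key=value"
        tolower($1) == "match" { exit }                 # conditional block: stop
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }                  # sshd default when unset
    ' "$1"
}

# Exit 0 when the workaround is in effect, 1 otherwise (usable from a scan job).
x11_forwarding_disabled() {
    [ "$(x11_forwarding_effective "$1")" = "no" ]
}

# Stand-alone use: ./check_x11fwd.sh /etc/ssh/sshd_config
if [ "${1:-}" ]; then
    printf 'effective X11Forwarding in %s: %s\n' "$1" "$(x11_forwarding_effective "$1")"
fi
```

Because `Include` lines are not followed (RHEL 9 and later pull in drop-in files from `/etc/ssh/sshd_config.d/` before the main file's own settings), confirm the live value with `sshd -T | grep -i '^x11forwarding'` before trusting the result.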


Advisories

No advisories yet.

History

Wed, 20 May 2026 03:30:00 +0000


Tue, 19 May 2026 22:00:00 +0000

Type Values Removed Values Added
References

Tue, 19 May 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.2
References

Mon, 04 May 2026 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
References

Wed, 29 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
References

Wed, 29 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Tue, 28 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::crb
References

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.1
References

Mon, 27 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Fri, 24 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 24 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
Title Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-191
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-20T02:10:50.010Z

Reserved: 2026-03-25T04:53:13.614Z

Link: CVE-2026-33999

Vulnrichment

Updated: 2026-04-24T13:37:04.491Z

NVD

Status : Awaiting Analysis

Published: 2026-04-23T16:16:24.623

Modified: 2026-05-19T22:16:36.570

Link: CVE-2026-33999

Redhat

Severity : Important

Public Date: 2026-04-23T14:11:12Z

Links: CVE-2026-33999 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T09:26:01Z

Weaknesses