Description
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Published: 2026-05-05
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The X.Org X server reads out of bounds while processing XKB geometry, in the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions. An attacker holding an X11 connection, local or forwarded, can make the server read uninitialized or out-of-bounds memory, disclosing its contents, or crash it for a denial of service. The weakness is CWE‑125 (out-of-bounds read) and no user interaction is required.

Affected Systems

The assigner lists Red Hat Enterprise Linux 6, 7, 8, 9, and 10 as affected (the CPEs in the record below); the vulnerable component is the X.Org server, including Xwayland, on hosts where it is installed.

Risk and Exploitability

The CVSS 3.1 score of 6.1 (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) is medium severity: high confidentiality impact, no integrity impact, and low availability impact. The local attack vector and low-privilege requirement reflect that the attacker must already hold a client connection to the X server; the description's "remotely" covers reaching that server over X11 forwarding (for example through SSH) or a directly reachable X server, not an unauthenticated network attack. No EPSS score is available, so the exploitation probability is unknown, the CVE is not in the CISA KEV catalog, and the SSVC record lists Exploitation "none" and Automatable "no". Because no user interaction is needed, any client that can connect to the X server can disclose server memory or crash it.

Generated by OpenCVE AI on May 5, 2026 at 17:26 UTC.

Remediation

Vendor Workaround

To mitigate this vulnerability, restrict access to the X11 server. On systems where a graphical environment is not required, consider disabling the X server entirely by setting the default system target to multi-user mode. For systems requiring the X server, ensure that X11 forwarding is disabled in SSH configurations if not explicitly needed, and restrict direct X11 connections to trusted users and networks through firewall rules. If changes are made to SSH configuration, the `sshd` service must be restarted. If the default system target is changed, a system reboot is required.


OpenCVE Recommended Actions

  • Install the Red Hat security update that fixes CVE‑2026‑34000 when it becomes available.
  • If no update is available, disable or restrict the X11 server: set the system target to multi‑user mode and stop the display manager unless a graphical environment is required.
  • Disable X11 forwarding in SSH configuration and use firewall rules to allow only trusted users or networks to connect to the X11 port.
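The sshd half of the workaround above is easy to get wrong because sshd honours the first occurrence of a keyword and `Match` blocks can re-enable a setting per connection. The script below is an added example, not part of the OpenCVE page or Red Hat's advisory: it reports the effective global `X11Forwarding` value from a config file and rewrites the file so that "no" is the first occurrence and no later line re-enables forwarding. It assumes standard `sshd_config` semantics (first value wins, `Match` overrides per connection); the sample config is constructed for the demo, not taken from a real host.

```shell
#!/bin/sh
# Added example, not part of the OpenCVE page or Red Hat's advisory: audit and
# apply the sshd half of the workaround (X11Forwarding) against a config file,
# so the effect of the edit can be checked before the service is restarted.
# Assumes standard sshd_config semantics: for each keyword the FIRST value
# wins, and Match blocks override it per connection. The sample config below
# is constructed for the demo, not taken from a real host.

# Print the effective global X11Forwarding value ("yes"/"no") from an
# sshd_config read on stdin. Stops at the first Match block because anything
# after it is conditional; sshd's default when the keyword is absent is "no".
x11_forwarding_state() {
    awk '
        /^[[:space:]]*#/               { next }                 # comment line
        tolower($1) == "match"         { exit }                 # conditional section begins
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END                            { if (!found) print "no" }
    '
}

# Rewrite FILE in place so X11Forwarding is "no" everywhere: comment out every
# existing X11Forwarding line (global and inside Match blocks) and insert the
# directive ahead of the first Match block so it is the first occurrence.
disable_x11_forwarding() {
    f="$1"
    awk '
        tolower($1) == "match" && !done { print "X11Forwarding no"; done = 1 }
        tolower($1) == "x11forwarding"  { print "#" $0; next }
        { print }
        END { if (!done) print "X11Forwarding no" }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Constructed sample: forwarding enabled, with a later duplicate and a Match
# block that would otherwise be easy to misread as "already disabled".
cfg="$(mktemp)"
hardened="$(mktemp)"
trap 'rm -f "$cfg" "$hardened"' EXIT
cat > "$cfg" <<'EOF'
# constructed sample sshd_config for the demo
Port 22
X11Forwarding yes
PermitRootLogin no
X11Forwarding no
Match User deploy
    X11Forwarding no
EOF
cp "$cfg" "$hardened"
disable_x11_forwarding "$hardened"

echo "before: X11Forwarding $(x11_forwarding_state < "$cfg")"        # before: X11Forwarding yes
echo "after:  X11Forwarding $(x11_forwarding_state < "$hardened")"   # after:  X11Forwarding no
```

On a live host, `sshd -T | grep -i x11forwarding` prints the value sshd will actually use, defaults included, and after editing the real `/etc/ssh/sshd_config` the `sshd` service must be restarted as the workaround states. The other half of the workaround, `systemctl set-default multi-user.target` followed by a reboot, removes the X server from the default boot; where X must stay up, `xhost` shows whether the server's access control is enabled so that only authorised clients can connect.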

Advisories

No advisories yet.

History

Tue, 05 May 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 May 2026 16:15:00 +0000

Initial record; all entries below are values added, nothing was removed.

Type: Description
Values added: the CVE description reproduced at the top of this page.

Type: Title
Values added: Xwayland: xorg: X.Org X server: information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

Type: First time appeared
Values added: Redhat; Redhat enterprise Linux

Type: Weaknesses
Values added: CWE-125

Type: CPEs
Values added:
  cpe:/o:redhat:enterprise_linux:6
  cpe:/o:redhat:enterprise_linux:7
  cpe:/o:redhat:enterprise_linux:8
  cpe:/o:redhat:enterprise_linux:9
  cpe:/o:redhat:enterprise_linux:10

Type: Vendors & Products
Values added: Redhat; Redhat enterprise Linux

Type: References
Values added: none listed

Type: Metrics (cvssV3_1)
Values added: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-05T18:52:32.853Z

Reserved: 2026-03-25T04:53:13.614Z

Link: CVE-2026-34000

Vulnrichment

Updated: 2026-05-05T18:51:44.186Z

NVD

Status : Undergoing Analysis

Published: 2026-05-05T16:16:11.647

Modified: 2026-05-05T19:31:10.400

Link: CVE-2026-34000

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T17:30:06Z

Weaknesses