CVE-2026-34000

EUVD-2026-27341
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.1 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
EPSS Score
Percentile: 7%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| x.org | x_server | - |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
Debian Releases
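| Debian Product | Codename | Version | Status |
|---|---|---|---|
| xorg-server | bookworm | | no-dsa |
| xorg-server | bookworm (security) | | vulnerable |
| xorg-server | bullseye | | postponed |
| xorg-server | bullseye (security) | | vulnerable |
| xorg-server | forky | 2:21.1.22-1 | fixed |
| xorg-server | sid | 2:21.1.22-1 | fixed |
| xorg-server | trixie | | no-dsa |
| xorg-server | trixie (security) | | vulnerable |
| xwayland | bookworm | | ignored |
| xwayland | forky | 2:24.1.11-1 | fixed |
| xwayland | sid | 2:24.1.11-1 | fixed |
| xwayland | trixie | | ignored |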
openSUSE / SLES Releases
| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| xorg-x11-server | suse enterprise desktop 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server | suse enterprise sap 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server | suse enterprise server 12 SP5 | 1.19.6-10.99.1 | fixed |
| xorg-x11-server | suse enterprise server 15 SP4 | 1.20.3-150400.38.68.1 | fixed |
| xorg-x11-server | suse enterprise server 15 SP5 | 21.1.4-150500.7.46.1 | fixed |
| xorg-x11-server | suse enterprise server 15 SP6 | 21.1.11-150600.5.25.1 | fixed |
| xorg-x11-server | suse enterprise server 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-Xvfb | suse enterprise desktop 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-Xvfb | suse enterprise sap 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-Xvfb | suse enterprise server 15 SP5 | 21.1.4-150500.7.46.1 | fixed |
| xorg-x11-server-Xvfb | suse enterprise server 15 SP6 | 21.1.11-150600.5.25.1 | fixed |
| xorg-x11-server-Xvfb | suse enterprise server 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-extra | suse enterprise desktop 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-extra | suse enterprise sap 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-extra | suse enterprise server 12 SP5 | 1.19.6-10.99.1 | fixed |
| xorg-x11-server-extra | suse enterprise server 15 SP4 | 1.20.3-150400.38.68.1 | fixed |
| xorg-x11-server-extra | suse enterprise server 15 SP5 | 21.1.4-150500.7.46.1 | fixed |
| xorg-x11-server-extra | suse enterprise server 15 SP6 | 21.1.11-150600.5.25.1 | fixed |
| xorg-x11-server-extra | suse enterprise server 15 SP7 | 21.1.15-150700.5.16.1 | fixed |
| xorg-x11-server-sdk | suse enterprise server 15 SP4 | 1.20.3-150400.38.68.1 | fixed |
| xorg-x11-server-sdk | suse enterprise server 15 SP5 | 21.1.4-150500.7.46.1 | fixed |
| xorg-x11-server-sdk | suse enterprise server 15 SP6 | 21.1.11-150600.5.25.1 | fixed |
| xwayland | suse enterprise desktop 15 SP7 | 24.1.5-150700.3.14.1 | fixed |
| xwayland | suse enterprise sap 15 SP7 | 24.1.5-150700.3.14.1 | fixed |
| xwayland | suse enterprise server 15 SP7 | 24.1.5-150700.3.14.1 | fixed |
| xwayland | suse enterprise workstation 15 SP7 | 24.1.5-150700.3.14.1 | fixed |