CVE-2026-34000: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
AI Analysis
Technical Summary
The vulnerability CVE-2026-34000 involves an out-of-bounds read in the X.Org X server's XKB geometry processing code, allowing attackers with access to the X11 server to read uninitialized or out-of-bounds memory. This can result in information disclosure or denial of service by crashing the server. The flaw exists in the CheckSetGeom() and XkbAddGeomKeyAlias functions. Red Hat has released patches for affected packages including xorg-x11-server-Xwayland and tigervnc on Red Hat Enterprise Linux 9 and its Extended Update Support variants. The vendor advisory classifies this update as important and provides detailed instructions for applying the fixes.
Potential Impact
Exploitation of this vulnerability can lead to disclosure of sensitive memory contents and denial of service conditions by crashing the X.Org X server. The CVSS 3.1 base score is 6.1 (medium severity), reflecting high confidentiality impact, no integrity impact, and low availability impact. The vulnerability requires local access or a connection to the X11 server with low privileges and no user interaction is needed for exploitation.
Mitigation Recommendations
Red Hat has released official security updates addressing CVE-2026-34000 as part of important security advisories RHSA-2026:19342 and RHSA-2026:20547. Users should apply the provided patches for xorg-x11-server-Xwayland and tigervnc packages on Red Hat Enterprise Linux 9 and Extended Update Support versions. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these updates mitigates the vulnerability. No additional action is required beyond applying the vendor-provided patches.
CVE-2026-34000: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support
Description
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
CVSS v3.1
Score 6.1medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-34000 involves an out-of-bounds read in the X.Org X server's XKB geometry processing code, allowing attackers with access to the X11 server to read uninitialized or out-of-bounds memory. This can result in information disclosure or denial of service by crashing the server. The flaw exists in the CheckSetGeom() and XkbAddGeomKeyAlias functions. Red Hat has released patches for affected packages including xorg-x11-server-Xwayland and tigervnc on Red Hat Enterprise Linux 9 and its Extended Update Support variants. The vendor advisory classifies this update as important and provides detailed instructions for applying the fixes.
Potential Impact
Exploitation of this vulnerability can lead to disclosure of sensitive memory contents and denial of service conditions by crashing the X.Org X server. The CVSS 3.1 base score is 6.1 (medium severity), reflecting high confidentiality impact, no integrity impact, and low availability impact. The vulnerability requires local access or a connection to the X11 server with low privileges and no user interaction is needed for exploitation.
Mitigation Recommendations
Red Hat has released official security updates addressing CVE-2026-34000 as part of important security advisories RHSA-2026:19342 and RHSA-2026:20547. Users should apply the provided patches for xorg-x11-server-Xwayland and tigervnc packages on Red Hat Enterprise Linux 9 and Extended Update Support versions. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these updates mitigates the vulnerability. No additional action is required beyond applying the vendor-provided patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-03-25T04:53:13.614Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-34000","vendor":"Red Hat"}]
Threat ID: 69fa191dcbff5d86100ff6c8
Added to database: 5/5/2026, 4:21:49 PM
Last enriched: 6/12/2026, 10:02:32 AM
Last updated: 6/20/2026, 8:43:45 AM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.