Red Hat Security Advisory: xorg-x11-server-Xwayland security update
Multiple vulnerabilities have been identified in the Xwayland component of the X. Org X server used in Red Hat Enterprise Linux 10. These include a denial of service via integer underflow (CVE-2026-33999), a use-after-free vulnerability that can cause server crashes and potential memory corruption (CVE-2026-34001), and information exposure plus denial of service via out-of-bounds memory access (CVE-2026-34003). Red Hat has issued an important security advisory with updates addressing these issues. The vulnerabilities affect various architectures supported by Red Hat Enterprise Linux 10 and related CodeReady Linux Builder products. No known exploits in the wild have been reported. The vendor advisory provides updated packages to remediate these vulnerabilities.
AI Analysis
Technical Summary
This advisory covers three security vulnerabilities in the xorg-x11-server-Xwayland package for Red Hat Enterprise Linux 10. CVE-2026-33999 is an integer underflow in XKB compatibility map handling that can cause denial of service. CVE-2026-34001 is a use-after-free flaw that may lead to server crashes and potential memory corruption. CVE-2026-34003 involves out-of-bounds memory access resulting in information exposure and denial of service. These issues affect the Xwayland X server component, which enables running X clients under Wayland. Red Hat has released updated packages to fix these vulnerabilities across multiple supported architectures and product variants.
Potential Impact
Successful exploitation of these vulnerabilities could cause denial of service conditions by crashing the Xwayland server or corrupting memory, potentially impacting system stability. Information exposure through out-of-bounds memory access could leak sensitive data. The use-after-free vulnerability may lead to memory corruption, which could have further security implications. However, there are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated xorg-x11-server-Xwayland packages for Red Hat Enterprise Linux 10 and related products that address these vulnerabilities. Users should apply these official updates promptly to remediate the issues. Detailed instructions and updated packages are available in the Red Hat advisory RHSA-2026:19125 at https://access.redhat.com/errata/RHSA-2026:19125. No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: xorg-x11-server-Xwayland security update
Description
Multiple vulnerabilities have been identified in the Xwayland component of the X. Org X server used in Red Hat Enterprise Linux 10. These include a denial of service via integer underflow (CVE-2026-33999), a use-after-free vulnerability that can cause server crashes and potential memory corruption (CVE-2026-34001), and information exposure plus denial of service via out-of-bounds memory access (CVE-2026-34003). Red Hat has issued an important security advisory with updates addressing these issues. The vulnerabilities affect various architectures supported by Red Hat Enterprise Linux 10 and related CodeReady Linux Builder products. No known exploits in the wild have been reported. The vendor advisory provides updated packages to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers three security vulnerabilities in the xorg-x11-server-Xwayland package for Red Hat Enterprise Linux 10. CVE-2026-33999 is an integer underflow in XKB compatibility map handling that can cause denial of service. CVE-2026-34001 is a use-after-free flaw that may lead to server crashes and potential memory corruption. CVE-2026-34003 involves out-of-bounds memory access resulting in information exposure and denial of service. These issues affect the Xwayland X server component, which enables running X clients under Wayland. Red Hat has released updated packages to fix these vulnerabilities across multiple supported architectures and product variants.
Potential Impact
Successful exploitation of these vulnerabilities could cause denial of service conditions by crashing the Xwayland server or corrupting memory, potentially impacting system stability. Information exposure through out-of-bounds memory access could leak sensitive data. The use-after-free vulnerability may lead to memory corruption, which could have further security implications. However, there are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated xorg-x11-server-Xwayland packages for Red Hat Enterprise Linux 10 and related products that address these vulnerabilities. Users should apply these official updates promptly to remediate the issues. Detailed instructions and updated packages are available in the Red Hat advisory RHSA-2026:19125 at https://access.redhat.com/errata/RHSA-2026:19125. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19125
- Cve Count
- 3
- Additional Cves
- ["CVE-2026-34001","CVE-2026-34003"]
- Cvss Version
- null
Threat ID: 6a160982e29bf47b5064fcc6
Added to database: 5/26/2026, 8:58:42 PM
Last enriched: 5/26/2026, 9:48:58 PM
Last updated: 5/27/2026, 5:01:06 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.