PatchSiren cyber security CVE debrief
CVE-2026-34000 Red Hat CVE debrief
CVE-2026-34000 is a medium-severity out-of-bounds read vulnerability in the X.Org X server, specifically within the XKB geometry processing functions `CheckSetGeom()` and `XkbAddGeomKeyAlias`. The flaw allows an attacker with a connection to the X11 server—whether local or remote—to read uninitialized or out-of-bounds memory without requiring user interaction. This can result in information disclosure or denial of service via server crash. The vulnerability was published on 2026-05-05 and last modified on 2026-05-28. It affects Red Hat Enterprise Linux versions 6.0 through 10.0 and the X.Org X Server. Red Hat has issued multiple security advisories addressing this vulnerability across various product versions. The CVSS 3.1 vector indicates local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, no integrity impact, and low availability impact.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10.0 Extended Update Support
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-05
- Original CVE updated: 2026-05-28
- Advisory published: 2026-05-05
- Advisory updated: 2026-05-28
Who should care
Organizations running Red Hat Enterprise Linux 6.0 through 10.0 or other distributions with vulnerable X.Org X server versions. System administrators managing multi-user Linux environments with X11 services enabled. Security teams responsible for hardening graphical workstation and server deployments. Organizations with remote X11 access or X forwarding enabled across untrusted networks.
Technical summary
The vulnerability exists in the XKB (X Keyboard Extension) geometry processing code of the X.Org X server. Specifically, the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions fail to properly validate bounds when processing keyboard geometry data, leading to an out-of-bounds read condition (CWE-125). An attacker with network or local access to the X11 server can trigger this flaw without user interaction, potentially reading sensitive memory contents or causing the server to crash. The attack requires low privileges and has low complexity, with high confidentiality impact but no integrity impact and low availability impact per CVSS 3.1 scoring.
Defensive priority
medium
Recommended defensive actions
- Apply relevant Red Hat security advisories (RHSA-2026:19342, RHSA-2026:20547, RHSA-2026:20555, RHSA-2026:20557, RHSA-2026:20558, RHSA-2026:20560, RHSA-2026:20561, RHSA-2026:20562, RHSA-2026:20563, RHSA-2026:20575, RHSA-2026:20576, RHSA-2026:20590, RHSA-2026:21699, RHSA-2026:21712, RHSA-2026:21715, RHSA-2026:21716, RHSA-2026:21718, RHSA-2026:21741, RHSA-2026:21742) to affected Red Hat Enterprise Linux systems.
- Restrict X11 server access to trusted clients only; disable direct remote X11 access (tunnel any sessions that are still needed through SSH) and disable SSH X11 forwarding where it is not required.
- Monitor X server logs for unexpected crashes or anomalous behavior that may indicate exploitation attempts.
- Review and update X.Org X server packages to vendor-recommended versions that include patches for CVE-2026-34000.
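An added audit helper for the two exposure-related actions above (example code, not from the advisory or from Red Hat): it takes captured `ss -H -ltn` and `sshd -T` output and reports X servers listening on TCP display ports (6000 plus the display number) and SSH X11 forwarding; the sample output embedded in the block is constructed.

```shell
#!/bin/sh
# Audit helper for the CVE-2026-34000 network-exposure mitigations.
# Added example, not from the advisory or Red Hat. Both checks take command
# output as an argument so they can be run against captured text without root.

# Print the TCP listeners on X11 display ports (6000 + display, display 0..63)
# from `ss -H -ltn` output. Returns 0 when at least one is found, i.e. the
# X server is reachable over the network; 1 otherwise.
x11_tcp_listeners() {
  printf '%s\n' "$1" | awk '
    { addr = $4; sub(/.*:/, "", addr); port = addr + 0 }   # local port is after the last colon
    port >= 6000 && port <= 6063 { print; found = 1 }
    END { if (found) exit 0; exit 1 }'
}

# Returns 0 when the effective sshd configuration (`sshd -T`, lowercase
# keywords) enables X11 forwarding; 1 otherwise.
sshd_x11_forwarding_enabled() {
  printf '%s\n' "$1" | awk '
    tolower($1) == "x11forwarding" && tolower($2) == "yes" { on = 1 }
    END { if (on) exit 0; exit 1 }'
}

# Run both checks and print findings. Returns 0 when no exposure is found.
audit_x11_exposure() {
  exposed=0
  if listeners=$(x11_tcp_listeners "$1"); then
    echo "X server accepts TCP clients:"
    echo "$listeners"
    exposed=1
  fi
  if sshd_x11_forwarding_enabled "$2"; then
    echo "sshd has X11Forwarding enabled"
    exposed=1
  fi
  return $exposed
}

# Constructed sample output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*'
SAMPLE_SSHD='port 22
x11forwarding yes'

if audit_x11_exposure "$SAMPLE_SS" "$SAMPLE_SSHD"; then
  echo "no X11 network exposure found"
fi
```

On a live host, source the script and run `audit_x11_exposure "$(ss -H -ltn)" "$(sshd -T)"` (sshd -T needs root).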
Evidence notes
Vulnerability description sourced from official CVE record and NVD entry. Affected products confirmed via NVD CPE criteria. Red Hat security advisories and bug tracking referenced as secondary sources. CVSS vector and CWE-125 classification derived from NVD metadata.
Official resources
2026-05-05