HIGHCVE-2026-34001Published 2026-04-23Modified 2026-05-28CNA redhat

CVE-2026-34001: Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 0:1.11.0-22.el9_0.17
Affected Products: 39

Fix available

0:1.11.0-22.el9_0.170:1.12.0-14.el9_2.140:1.13.1-8.el9_4.90:1.15.0-6.el9_7.10:1.15.0-7.el9_8.10:1.15.0-9.el8_100:1.20.4-34.el7_90:1.20.10-4.el8_40:1.20.11-7.el8_60:1.20.11-13.el9_00:1.20.11-18.el8_80:1.20.11-20.el9_20:1.20.11-28.el8_100:1.20.11-28.el9_40:1.20.11-33.el9_60:1.20.11-33.el9_70:1.20.11-34.el9_80:21.1.3-2.el8_6.60:21.1.3-5.el9_00:21.1.3-10.el9_20:21.1.3-13.el8_80:21.1.3-20.el8_100:22.1.9-8.el9_40:23.2.7-6.el9_60:23.2.7-6.el9_70:24.1.5-6.el10_00:24.1.5-6.el10_10:24.1.9-4.el10_20:24.1.9-4.el9_8

Affected packages

Red Hat / Red Hat Enterprise Linux 10
Fixed in 0:24.1.5-6.el10_1
Red Hat / Red Hat Enterprise Linux 10
Fixed in 0:24.1.9-4.el10_2
Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
Fixed in 0:24.1.5-6.el10_0
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
Fixed in 0:1.20.4-34.el7_9
Red Hat / Red Hat Enterprise Linux 8
Fixed in 0:21.1.3-20.el8_10
Red Hat / Red Hat Enterprise Linux 8
Fixed in 0:1.20.11-28.el8_10
Red Hat / Red Hat Enterprise Linux 8
Fixed in 0:1.15.0-9.el8_10
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Fixed in 0:1.20.10-4.el8_4
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Fixed in 0:1.20.10-4.el8_4
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Fixed in 0:21.1.3-2.el8_6.6
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Fixed in 0:1.20.11-7.el8_6
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Fixed in 0:21.1.3-2.el8_6.6
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Fixed in 0:1.20.11-7.el8_6
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Fixed in 0:21.1.3-2.el8_6.6
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Fixed in 0:1.20.11-7.el8_6
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Fixed in 0:21.1.3-13.el8_8
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Fixed in 0:1.20.11-18.el8_8
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Fixed in 0:21.1.3-13.el8_8
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Fixed in 0:1.20.11-18.el8_8
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:1.15.0-6.el9_7.1
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:23.2.7-6.el9_7
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:1.20.11-33.el9_7
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:1.15.0-7.el9_8.1
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:1.20.11-34.el9_8
Red Hat / Red Hat Enterprise Linux 9
Fixed in 0:24.1.9-4.el9_8
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Fixed in 0:21.1.3-5.el9_0
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Fixed in 0:1.20.11-13.el9_0
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Fixed in 0:1.11.0-22.el9_0.17
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Fixed in 0:21.1.3-10.el9_2
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Fixed in 0:1.20.11-20.el9_2

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Metrics

Fix available