CVE-2022-49737
published 2025-03-16
high 7.7 (CVSS 3.1)
AV:N / AC:H / PR:L / UI:N / S:C / C:L / I:L / A:H
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xorg-server | < xorg-server 2:21.1.16-1.1 (forky) | xorg-server 2:21.1.16-1.1 (forky) |
| x.org | x_server | 20.11 – 21.1.16 | — |
| x.org | xorg-server | >= 0 < 2:21.1.16-1.1 | 2:21.1.16-1.1 |
CVSS provenance
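| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H |
| osv | — | 7.7 | HIGH | — |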