CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1081338;filename=dix-Hold-input-lock-for-AttachDevice.patch;msg=5
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338
https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0
https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338

Configurations

No configuration.

History

17 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) En el servidor X de X.Org (versión 20.11 a 21.1.16), cuando una aplicación cliente usa easystroke para los gestos del ratón, el hilo principal modifica diversas estructuras de datos utilizadas por el hilo de entrada sin adquirir un bloqueo (es decir, una condición de ejecución). En particular, AttachDevice en dix/devices.c no adquiere un bloqueo de entrada.
References	~~() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338 -~~	() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338 -

16 Mar 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-16 01:15

Updated : 2025-03-17 16:15

NVD link : CVE-2022-49737

Mitre link : CVE-2022-49737

CVE.ORG link : CVE-2022-49737

JSON object : View

Products Affected

No product.

CWE

CWE-413

Improper Resource Locking

7.7 /10