Fixed
Created: Mar 16, 2025
Updated: May 21, 2025
Resolved Date: May 21, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.
CREATE(Triage):(User=admin) CVE-2022-49737 (https://nvd.nist.gov/vuln/detail/CVE-2022-49737)
