xserver-xorg: fix CVE-2022-49737 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-03-21 12:55:51 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-03-27 08:16:30 -0700
commit	5076bd268c7a47969d2d62f979656d635cfe9f0f (patch)
tree	cdc5b2b0a69356615045dd95c45f249e6c75d5d4 /scripts/lib/scriptutils.py
parent	4df4248036691770da37fda0e824b3966ea29997 (diff)
download	poky-5076bd268c7a47969d2d62f979656d635cfe9f0f.tar.gz

xserver-xorg: fix CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-49737 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0 (From OE-Core rev: c6a8ad45174a416c4129deb210eab9b7721ce01d) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: