xwayland: fix CVE-2022-49737 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-03-21 12:55:52 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-03-27 08:16:30 -0700
commit	9da4f8dc2b70709dd58b5003d3a765af9f5ef9b9 (patch)
tree	1a31d53a1abfd46980bc07eb48a996d8fe13e3bc /scripts/lib/scriptutils.py
parent	5076bd268c7a47969d2d62f979656d635cfe9f0f (diff)
download	poky-9da4f8dc2b70709dd58b5003d3a765af9f5ef9b9.tar.gz

xwayland: fix CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-49737 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0 (From OE-Core rev: 740ea9019cf5cf309c5a4ef380eac17d21078ac8) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: