git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
xserver-xorg: fix CVE-2022-49737
author Yogita Urade <yogita.urade@windriver.com>
Fri, 21 Mar 2025 12:55:51 +0000 (12:55 +0000)
committer Steve Sakoman <steve@sakoman.com>
Fri, 21 Mar 2025 13:48:11 +0000 (06:48 -0700)
commit c6a8ad45174a416c4129deb210eab9b7721ce01d
tree 9c9e2da43b87e618c84d27f8d03d411cad9f310a
parent eced74ca3be7d6c47e7c50152a36e0b1e8eba74a

In X.Org X server 20.11 through 21.1.16, when a client application
uses easystroke for mouse gestures, the main thread modifies various
data structures used by the input thread without acquiring a lock,
aka a race condition. In particular, AttachDevice in dix/devices.c
does not acquire an input lock.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-49737

Upstream patch:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-49737.patch [new file with mode: 0644]
meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb