CVE Vulnerabilities

CVE-2022-49737

Improper Resource Locking

Published: Mar 16, 2025 | Modified: Apr 15, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock.

Weakness

The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.

Affected Software

NameVendorStart VersionEnd Version
Xorg-serverUbuntudevel*
Xorg-serverUbuntuesm-infra/xenial*
Xorg-serverUbuntufocal*
Xorg-serverUbuntuoracular*
Xorg-serverUbuntuplucky*
Xorg-serverUbuntuquesting*
Xorg-serverUbunturesolute*
Xorg-server-hwe-16.04Ubuntuesm-infra/xenial*
XwaylandUbuntuoracular*
XwaylandUbuntuplucky*

Potential Mitigations

References