{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T21:03:27.024","vulnerabilities":[{"cve":{"id":"CVE-2022-49737","sourceIdentifier":"cve@mitre.org","published":"2025-03-16T01:15:35.543","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock."},{"lang":"es","value":"En el servidor X de X.Org (versión 20.11 a 21.1.16), cuando una aplicación cliente usa easystroke para los gestos del ratón, el hilo principal modifica diversas estructuras de datos utilizadas por el hilo de entrada sin adquirir un bloqueo (es decir, una condición de ejecución). En particular, AttachDevice en dix/devices.c no adquiere un bloqueo de entrada."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.3}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-413"}]}],"references":[{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1081338;filename=dix-Hold-input-lock-for-AttachDevice.patch;msg=5","source":"cve@mitre.org"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338","source":"cve@mitre.org"},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0","source":"cve@mitre.org"},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260","source":"cve@mitre.org"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081338","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}