X.Org X server
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*, +1 more
- >= 2:21.1.7-3+deb12u7, < 2:21.1.16-1.1
A race condition has been identified in X.Org X Server versions 20.11 through 21.1.16. When Easystroke is used for mouse gestures, the server's main thread can modify input device data structures that the input thread is using at the same time, without any synchronization between the two, which can corrupt that shared state. The root cause is that the AttachDevice function in dix/devices.c does not take the input lock, so the main thread and the input thread are free to interleave on the same device structures. The outcome is a segmentation fault and a crash of the X server, observed most readily when the system is under heavy load and Easystroke is used to scroll pages quickly.
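To make the failure mode concrete, the following is an added example (not X.Org code and not taken from the advisory) that models the pattern described above: a "main thread" re-attaches a slave device to a different master in two separate stores, while an "input thread" reads both fields and expects them to agree. The names `input_lock`/`input_unlock`, `Master`, `Slave` and `attach_device` are illustrative stand-ins chosen for this model, not the server's actual symbols. Without the lock the reader can observe a torn update (the kind of inconsistency that, in the real server, ends in a dereference of stale state and a segfault); with the lock taken around the update and the read, the pair is always consistent.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the unsynchronized AttachDevice path (added example, not
 * xorg-server code). A slave device carries a pointer to its master and a
 * redundant copy of the master's id; the two must always agree. */
typedef struct { int id; } Master;

typedef struct {
    Master *master;     /* master this slave currently feeds */
    int     master_id;  /* must always equal master->id */
} Slave;

static pthread_mutex_t input_mutex = PTHREAD_MUTEX_INITIALIZER;
static bool use_lock;   /* per scenario: take the "input lock" or skip it */

/* Stand-ins for the server's input lock; skipping them models the bug. */
static void input_lock(void)   { if (use_lock) pthread_mutex_lock(&input_mutex); }
static void input_unlock(void) { if (use_lock) pthread_mutex_unlock(&input_mutex); }

static Master masters[2] = { { 1 }, { 2 } };
static Slave  slave;
static atomic_bool stop;

/* Analogue of AttachDevice run by the main thread: re-points the slave at
 * a new master. The two stores form one logical update and must not be
 * observed half-done by the input thread. */
static void attach_device(Slave *dev, Master *m)
{
    input_lock();
    dev->master    = m;
    dev->master_id = m->id;
    input_unlock();
}

/* Analogue of the input thread consuming events for the device. Counts how
 * often it saw a torn state (pointer and id disagree). */
static void *input_thread(void *arg)
{
    long torn = 0;
    while (!atomic_load(&stop)) {
        input_lock();
        Master *m = slave.master;
        int     id = slave.master_id;
        input_unlock();
        if (m->id != id)
            torn++;
    }
    *(long *)arg = torn;
    return NULL;
}

/* Runs one scenario: the caller's thread flips the attachment `iters`
 * times while the input thread reads concurrently. Returns the number of
 * torn observations; with locked == true this must be 0. */
long run_scenario(bool locked, long iters)
{
    pthread_t tid;
    long torn = 0;

    use_lock = locked;
    atomic_store(&stop, false);
    attach_device(&slave, &masters[0]);   /* consistent starting state */

    pthread_create(&tid, NULL, input_thread, &torn);
    for (long i = 0; i < iters; i++)
        attach_device(&slave, &masters[i & 1]);
    atomic_store(&stop, true);
    pthread_join(tid, NULL);
    return torn;
}

int main(void)
{
    printf("without input lock: %ld torn reads\n", run_scenario(false, 500000));
    printf("with input lock:    %ld torn reads\n", run_scenario(true, 500000));
    return 0;
}
```

Build with a C11 compiler and pthreads (for example `cc -std=c11 -O2 race.c -o race -lpthread`). The unlocked count is scheduler dependent and may be zero on a lightly loaded or single-core machine, which mirrors why the real crash surfaces mainly under heavy input load; the locked count is zero by construction.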
Triggering this race crashes the X server, which returns the user to the login screen; every client connected to that server loses its session. The crash has been observed while using web browsers and terminal applications, so the impact is not tied to one particular client and affects general desktop stability.
The crash can be reproduced by opening many tabs in a web browser such as Chromium or Firefox and scrolling quickly with the mouse wheel while switching between tabs. The server is not overwhelmed in the sense of dropping events; rather, the high rate of input widens the window in which the unsynchronized AttachDevice path and the input thread operate on the same device structures, so the race is far more likely to be hit. Running Easystroke for mouse gestures adds a further layer of input processing on top of this and makes the crash easier to trigger.
Debian users can upgrade the xorg-server packages to version 2:21.1.16-1.1, which contains the fix.