A corrective release of X.Org Server 21.1.7 is available, fixing a vulnerability (CVE-2023-0494) that allows privilege escalation on the system if the X server runs with root privileges, or code execution on a remote system if the X11 session is accessed over SSH.
The vulnerability arose from missing curly braces in an "else {" expression, which affected the function call that followed it: memory was freed, but the pointer attached to the buffer was not set to NULL, which led to the buffer being accessed after it was freed (use-after-free) in the DeepCopyPointerClasses function used in the X Input extension. By manipulating the data processed in the ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() functions, an attacker can read and write data in the freed memory area and achieve execution of their code with the privileges of the X server.
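The bug class described above, shown as a simplified model next to its corrected form. This is an added example, not X.Org source code: the struct, the function names and the one-slot demo allocator are all hypothetical, and the allocator only tracks liveness so the stale pointer can be detected without touching memory that was really freed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define ACTS_LEN 32

/* Demo allocator (constructed): one static slot plus a liveness flag, so a
 * stale pointer can be detected without touching really-freed memory. */
static unsigned char slot[ACTS_LEN];
static bool slot_live;
static unsigned char *demo_alloc(void) { slot_live = true; return slot; }
static void demo_free(unsigned char *p) { if (p == slot) slot_live = false; }

/* Hypothetical stand-in for a device class that owns an action buffer. */
struct button_class { unsigned char *acts; };

/* Unfixed shape: the else branch releases the buffer but leaves the old
 * address in to->acts. */
static void copy_unfixed(const struct button_class *from, struct button_class *to)
{
    if (from->acts) {
        if (!to->acts)
            to->acts = demo_alloc();
        memcpy(to->acts, from->acts, ACTS_LEN);
    } else
        demo_free(to->acts);
}

/* Fixed shape: braces group the release with resetting the pointer to NULL. */
static void copy_fixed(const struct button_class *from, struct button_class *to)
{
    if (from->acts) {
        if (!to->acts)
            to->acts = demo_alloc();
        memcpy(to->acts, from->acts, ACTS_LEN);
    } else {
        demo_free(to->acts);
        to->acts = NULL;
    }
}

/* Copy from a source without a buffer, then report whether the destination
 * still points at released storage (non-NULL pointer, slot no longer live). */
static bool dangling_after(void (*copy)(const struct button_class *, struct button_class *))
{
    struct button_class from = { NULL }, to = { demo_alloc() };
    copy(&from, &to);
    return to.acts != NULL && !slot_live;
}

int main(void) { return dangling_after(copy_unfixed) && !dangling_after(copy_fixed) ? 0 : 1; }
```

In the unfixed shape, any later code that tests `to->acts` for NULL before using it will treat the released buffer as valid, which is the use-after-free condition the release removes.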