
Lemonsqueeze

#34126 of 53,632
7.7 Total CVSS
Vulnerabilities · 1
PT-2025-11371
7.7
2021-11-22
X.Org · X.Org Server · CVE-2022-49737
**Name of the Vulnerable Software and Affected Versions**
X.Org X server versions 20.11 through 21.1.16

**Description**
The issue arises when a client application uses easystroke for mouse gestures, and the main thread modifies various data structures used by the input thread without acquiring a lock, resulting in a race condition. Specifically, AttachDevice in dix/devices.c does not acquire an input lock.

**Recommendations**
For X.Org X server versions 20.11 through 21.1.16, consider disabling the use of easystroke for mouse gestures until a patch is available, as a temporary workaround to minimize the risk of exploitation. Restrict access to the AttachDevice function in dix/devices.c to prevent unauthorized modifications to data structures used by the input thread.