libinput 1.20.1, a library that provides a unified input stack so that events from input devices are processed the same way in environments based on Wayland and X.org, fixes a vulnerability (CVE-2022-1215) that allows an attacker to execute code when a specially modified or emulated input device is connected to the system. The problem affects environments based on both X.org and Wayland, and can be exploited both with locally connected devices and through devices with a Bluetooth interface. If the X server runs with root privileges, the vulnerability allows code execution with elevated privileges.
The problem is caused by a format string error in the code responsible for logging information about a device being connected. Specifically, printf-family functions were called twice in that code, and on the second call a value obtained from the device ended up in the format string. Because the device name was not checked for special characters, an attacker could trigger a buffer overflow by having the device return an identifier containing format string characters (for example, "Evil %s").
First, the evdev_log_msg function used snprintf to build a string that included, among other things, the value of the variable holding the device identifier. Then, to write it to the log, this string was passed to the log_msg_va function, which in turn used the printf function with that string as its first argument, the one that is parsed for format characters.
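The two-pass formatting pattern described above, with one way to neutralize it, as an added example that is not libinput's code. All function names, the buffer sizes and the device name "Evil %s" are constructed for illustration. Doubling '%' in the device name before it reaches the second formatting pass is one possible mitigation, assumed here rather than taken from the page.

```c
#include <stdarg.h>
#include <stdio.h>

/* Added example, hypothetical names. Double each '%' so it prints literally. */
static void sanitize_name(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in && o + 2 < outsz; in++) {
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
}

/* Count the directives a second printf-family pass would act on. */
static int live_directives(const char *fmt)
{
    int n = 0;
    for (; *fmt; fmt++) {
        if (fmt[0] == '%' && fmt[1] == '%')
            fmt++;      /* "%%" is a literal percent sign */
        else if (fmt[0] == '%')
            n++;
    }
    return n;
}

/* Stage 1 builds "name: fmt" with snprintf; stage 2 uses it as the format. */
static int log_device(char *out, size_t sz, const char *dev, const char *fmt, ...)
{
    char safe[128], stage1[256];
    va_list ap;
    sanitize_name(dev, safe, sizeof(safe));
    int n = snprintf(stage1, sizeof(stage1), "%s: %s", safe, fmt);
    if (n < 0 || n >= (int)sizeof(stage1))
        return -1;      /* never format with a truncated string */
    va_start(ap, fmt);
    n = vsnprintf(out, sz, stage1, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char out[64];   /* "Evil %s" below is a constructed device name */
    log_device(out, sizeof(out), "Evil %s", "slot %d", 7);
    printf("%s | raw name directives: %d\n", out, live_directives("Evil %s"));
    return 0;
}
```

Without the escaping step, the stage 1 string for this device name carries two live directives while the caller supplies only one argument, which is the mismatch the second printf call acts on.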