Remember when I said update your windows machines today? Update your linux boxes tomorrow: https://lists.x.org/archives/xorg/2022-July/061035.html
Follow
@mhoye, thanks for sharing.
These #Xorg vulnerabilities look like something that #QubesOS users should keep an eye out for.
I'm not sure what's exactly being mapped into that in-RAM virtual framebuffer driver, but this looks like a way to escape into DOM0 and wreak havoc on the system.
That GUI domain would have helped a lot in this situation. And also a way to "disable GUI" for particular VMs, like for the USB "firewall" domain.
