Jan-Niklas Sohn discovered that missing input sanitising in the XInput extension of the X.org X server may result in privilege escalation if the X server is running privileged.