CVE-2012-2118: X.org input device format string

xorg-x11-server has a format string flaw in the way it assembles certain log messages. To trigger it, an attacker has to give an input device a specially crafted name and then get the local Xorg server instance to pick that device up; the flaw then causes the server to abort or otherwise malfunction.

IBM rated this vulnerability high risk yet gave it a base score of only 4.4:

X.org could allow a local attacker to execute arbitrary code on the system, caused by a format string error when adding an input device with a malicious name. By persuading a victim to open a specially-crafted file containing malicious format specifiers, a local attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

NIST (NVD), however, gives it a perfect 10.0:

Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

The flaw is explained on Patchwork:

The culprit here was not a user-supplied format string as such, but rather xf86IDrvMsg using the device's name to assemble a format string of the form

 <driver>: <name>: message

i.e. "evdev: %n%n%n%n: Device \"%s\"\n"
and then passing that to LogVWrite as the format string. Any % sequences in the device name are therefore interpreted by the formatter instead of being printed.
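The pattern above, as an added example that is not the X server's code: a variadic logging helper that splices the driver and device name into the format string (the vulnerable shape) beside one that formats the header with a constant format and passes the name as a "%s" argument (the hardened shape). The function names, the "evdev" driver string, the device path and the sample device name are all constructed here for the demonstration; the only attacker-chosen specifier run is "%%", because anything else (such as the "%n%n%n%n" name quoted above) is undefined behaviour on the vulnerable path.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF 256

/* Vulnerable pattern, reconstructed for illustration (not the X server's
 * actual code): the driver name and device name are spliced into the
 * format string itself, so every '%' in the device name is handed to
 * vsnprintf as a conversion.  A name such as "%n%n%n%n" would then write
 * to memory; "%s%s%s" would read stray pointers off the va_list. */
static void drvmsg_vulnerable(char *out, size_t outlen, const char *driver,
                              const char *name, const char *format, ...)
{
    char fmtbuf[LOGBUF];
    va_list ap;

    /* "<driver>: <name>: message" -- the name becomes part of the format */
    snprintf(fmtbuf, sizeof fmtbuf, "%s: %s: %s", driver, name, format);

    va_start(ap, format);
    vsnprintf(out, outlen, fmtbuf, ap);
    va_end(ap);
}

/* Hardened pattern: the header is written with a constant format and the
 * name is passed as a "%s" argument; only the driver's own constant
 * format string ever reaches the varargs formatter. */
static void drvmsg_safe(char *out, size_t outlen, const char *driver,
                        const char *name, const char *format, ...)
{
    va_list ap;
    int n = snprintf(out, outlen, "%s: %s: ", driver, name);

    if (n < 0 || (size_t)n >= outlen)
        return;                         /* header alone filled the buffer */

    va_start(ap, format);
    vsnprintf(out + n, outlen - (size_t)n, format, ap);
    va_end(ap);
}

/* Sanity check a practitioner can apply before anything externally
 * supplied lands in a format position: a '%' in a device name is never
 * legitimate there. */
static int name_has_format_chars(const char *name)
{
    return strchr(name, '%') != NULL;
}

/* Convenience wrappers returning static buffers so both paths can be
 * compared on the same input. */
static const char *log_vulnerable(const char *driver, const char *name,
                                  const char *devpath)
{
    static char buf[LOGBUF];
    drvmsg_vulnerable(buf, sizeof buf, driver, name, "Device \"%s\"\n", devpath);
    return buf;
}

static const char *log_safe(const char *driver, const char *name,
                            const char *devpath)
{
    static char buf[LOGBUF];
    drvmsg_safe(buf, sizeof buf, driver, name, "Device \"%s\"\n", devpath);
    return buf;
}

int main(void)
{
    /* Constructed sample: a device whose name is "%%".  On the vulnerable
     * path it is interpreted and collapses to a single '%'; on the
     * hardened path it is printed verbatim. */
    const char *name = "%%";
    const char *path = "/dev/input/event3";

    printf("vulnerable: %s", log_vulnerable("evdev", name, path));
    printf("hardened:   %s", log_safe("evdev", name, path));
    printf("name %s format characters\n",
           name_has_format_chars(name) ? "contains" : "is free of");
    return 0;
}
```

The difference in the two output lines is the whole bug: on the vulnerable path the device name is parsed by vsnprintf, so with the real X server a name carrying "%n" writes to memory and one carrying "%s" dereferences whatever happens to sit where the next argument would be. The fix is structural (keep the name out of the format), not a matter of escaping; the name_has_format_chars check is only a cheap detection aid for places where that structural fix has not yet been applied.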

I also mentioned a serious vulnerability related to evdev in an earlier post.

…crash is related to changing the driver for input devices using evdev (xserver-xorg-input-evdev) — the kernel event delivery mechanism that handles multiple keyboards and mice as separate input devices
