Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.osvdb.org/109788 - | |
References | () http://www.securityfocus.com/bid/68987 - | |
References | () http://www.ubuntu.com/usn/USN-2303-1 - | |
References | () https://bugs.launchpad.net/unity/7.2/+bug/1349128 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/95199 - |
Information
Published : 2014-08-07 11:13
Updated : 2024-11-21 02:11
NVD link : CVE-2014-5195
Mitre link : CVE-2014-5195
CVE.ORG link : CVE-2014-5195
JSON object : View
Products Affected
canonical
- ubuntu_linux
ayatana_project
- unity
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')