CVE-2014-5195

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ayatana_project:unity:*:*:*:*:*:*:*:*
cpe:2.3:a:ayatana_project:unity:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ayatana_project:unity:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ayatana_project:unity:7.3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://www.osvdb.org/109788 - () http://www.osvdb.org/109788 -
References () http://www.securityfocus.com/bid/68987 - () http://www.securityfocus.com/bid/68987 -
References () http://www.ubuntu.com/usn/USN-2303-1 - () http://www.ubuntu.com/usn/USN-2303-1 -
References () https://bugs.launchpad.net/unity/7.2/+bug/1349128 - () https://bugs.launchpad.net/unity/7.2/+bug/1349128 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95199 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95199 -

Information

Published : 2014-08-07 11:13

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5195

Mitre link : CVE-2014-5195

CVE.ORG link : CVE-2014-5195


JSON object : View

Products Affected

canonical

  • ubuntu_linux

ayatana_project

  • unity
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')