Bug 1306293 (CVE-2016-2312) - CVE-2016-2312 plasma-workspace, kscreenlocker: Lock screen bypass
Summary: CVE-2016-2312 plasma-workspace, kscreenlocker: Lock screen bypass
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-2312
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1306294 1306295
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-10 13:39 UTC by Adam Mariš
Modified: 2021-02-17 04:21 UTC (History)
6 users (show)

Fixed In Version: plasma-workspace 5.5.0, kscreenlocker 5.5.5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-07 17:34:14 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2016-02-10 13:39:42 UTC 
It was found that turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again. An unauthorized user might gain access to a locked system. Physical access to the hardware is required.

External Reference:

https://www.kde.org/info/security/advisory-20160209-1.txt

CVE assignment:

http://seclists.org/oss-sec/2016/q1/300
Comment 1 Adam Mariš 2016-02-10 13:40:16 UTC 
Created kscreenlocker tracking bugs for this issue:

Affects: fedora-all [bug 1306295]
Comment 2 Adam Mariš 2016-02-10 13:40:23 UTC 
Created plasma-workspace tracking bugs for this issue:

Affects: fedora-all [bug 1306294]
Comment 3 Fedora Update System 2016-02-21 02:21:39 UTC 
kscreenlocker-5.5.4-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2016-02-21 16:26:52 UTC 
kscreenlocker-5.5.4-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Rex Dieter 2016-03-07 17:34:14 UTC 
Fixed since 02-21
Note You need to log in before you can comment on or make changes to this bug.