CVE-2014-5195

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

Published: Aug 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-5195
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
ayatana_project / unity	-	7.2.2.x
ayatana_project / unity	7.2.0	7.2.0.x
ayatana_project / unity	7.2.1	7.2.1.x
ayatana_project / unity	7.3.0	7.3.0.x

http://www.osvdb.org/109788
http://www.securityfocus.com/bid/68987
http://www.ubuntu.com/usn/USN-2303-1
https://bugs.launchpad.net/unity/7.2/+bug/1349128
https://exchange.xforce.ibmcloud.com/vulnerabilities/95199

Vulnerability Database

289,697

CVE-2014-5195