CVE-2014-5195
Unity < 7.2.3 and 7.3.x < 7.3.1 - Lock Screen Bypass via Keyboard Focus Race Condition
Title source: llmDescription
Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95199
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2303-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68987
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/109788
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/unity/7.2/+bug/1349128
Scores
EPSS
0.0030
EPSS Percentile
21.5%
Details
CWE
CWE-362
Status
published
Products (4)
ayatana_project/unity
7.2.0
ayatana_project/unity
7.2.1
ayatana_project/unity
7.3.0
ayatana_project/unity
< 7.2.2
Published
Aug 07, 2014
Tracked Since
Feb 18, 2026