CVE-2015-8025

XScreenSaver <5.34 - Privilege Escalation

Title source: llm
STIX 2.1

Description

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

References (10)

Core 10
Core References
Various Sources x_refsource_confirm
https://www.jwz.org/blog/2015/10/xscreensaver-5-34/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034052
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00102.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3438
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/24/2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/25/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/29/12
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2789-1

Scores

EPSS 0.0051
EPSS Percentile 40.0%

Details

CWE
CWE-264
Status published
Products (2)
canonical/ubuntu_linux 12.04
xscreensaver_project/xscreensaver 5.33
Published Nov 10, 2015
Tracked Since Feb 18, 2026