CVE-2016-2312

MEDIUM

KDE Kscreenlocker < 5.5.4 - Security Feature Bypass

Title source: rule

Description

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

References (5)

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177454.html

[Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177557.html

[Vendor Advisory] https://bugs.kde.org/show_bug.cgi?id=358125

[Issue Tracking, Third Party Advisory] https://bugzilla.opensuse.org/show_bug.cgi?id=964548

[Vendor Advisory] https://www.kde.org/info/security/advisory-20160209-1.txt

Scores

CVSS v3 6.8

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-254

Status published

Affected Products (6)

kde/kscreenlocker < 5.5.4

kde/plasma-workspace < 5.4.3

fedoraproject/fedora

opensuse/leap

n/a/n/a

Timeline

Published Dec 23, 2016

Tracked Since Feb 18, 2026