CVE-2016-2312
MEDIUM
KDE Plasma-workspace and kscreenlocker - Unauthenticated Screen Unlock Bypass via Screen Off Action
Title source: llm
Description
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
References (5)
Core References
Vendor Advisory x_refsource_confirm
https://www.kde.org/info/security/advisory-20160209-1.txt
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.opensuse.org/show_bug.cgi?id=964548
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177454.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177557.html
Vendor Advisory x_refsource_misc
https://bugs.kde.org/show_bug.cgi?id=358125
Scores
CVSS v3
6.8
EPSS
0.0008
EPSS Percentile
22.9%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-254
Status
published
Products (5)
fedoraproject/fedora
22
fedoraproject/fedora
23
kde/kscreenlocker
< 5.5.4
kde/plasma-workspace
< 5.4.3
opensuse/leap
42.1
Published
Dec 23, 2016
Tracked Since
Feb 18, 2026