Description
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
References (7)
Core 7
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/QubesOS/qubes-issues/issues/6595
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/06/05/1
Exploit, Third Party Advisory x_refsource_misc
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
Patch, Third Party Advisory x_refsource_misc
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/06/11/1
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/07/06/2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/
Scores
CVSS v3
4.6
EPSS
0.0007
EPSS Percentile
20.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (2)
fedoraproject/fedora
33
xscreensaver_project/xscreensaver
5.45
Published
Jun 10, 2021
Tracked Since
Feb 18, 2026