Vulnerability Details : CVE-2010-0422
gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.
Products affected by CVE-2010-0422
- cpe:2.3:a:gnome:screensaver:2.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:screensaver:2.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:screensaver:2.28.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0422
- 0.06%: Probability of exploitation activity in the next 30 days
- ~24%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0422
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:L/AC:H/Au:N/C:N/I:C/A:N | 1.9 | 6.9 | NIST | |
References for CVE-2010-0422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56364
  GNOME Screensaver monitor security bypass CVE-2010-0422 Vulnerability Report
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=271ae93d7b140b8ba40d77f9e4ce894e5fd1b554
  Make gs_window_cancel_unlock_request synchronous (271ae93d) · Commits · Archive / gnome-screensaver · GitLab
- http://www.securityfocus.com/bid/38248
  gnome-screensaver Monitor Topology Security Bypass Vulnerability
- http://marc.info/?l=oss-security&m=126601292400764&w=2
  '[oss-security] Re: gnome-screensaver vulnerability (CVE-2010-0414)' - MARC
- https://bugzilla.redhat.com/show_bug.cgi?id=564464
  564464 – (CVE-2010-0422) CVE-2010-0422 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when plugging and unplugging monitor repeatedly
- https://bugzilla.gnome.org/show_bug.cgi?id=609789
  Bug 609789 – CVE-2010-0422 gnome-screensaver: loses its unlock dialog and keyboard grab sometimes when plugging and unplugging monitor repeatedly
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=f93a22c175090cf02e80bc3ee676b53f1251f685
  Nullify grab window variables when windows are destroyed (f93a22c1) · Commits · Archive / gnome-screensaver · GitLab
- http://ftp.gnome.org/pub/GNOME/sources/gnome-screensaver/2.28/gnome-screensaver-2.28.3.news
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035115.html
  [SECURITY] Fedora 12 Update: gnome-screensaver-2.28.3-1.fc12
- http://git.gnome.org/browse/gnome-screensaver/commit/?id=d4dcbd65a2df3c093c4e3a74bbbc75383eb9eadb
  Update which monitor the unlock dialog is on when layout changes (d4dcbd65) · Commits · Archive / gnome-screensaver · GitLab