Vulnerability Details : CVE-2013-2190
The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.
Products affected by CVE-2013-2190
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:clutter_project:clutter:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2190
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-2190
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2013-2190
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2190
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e
  x11: trap errors when calling XIQueryDevice (e310c68d) · Commits · GNOME / clutter · GitLab [Exploit; Patch]
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab
  x11: trap errors when calling XIQueryDevice (d343cc62) · Commits · GNOME / clutter · GitLab
- https://bugzilla.gnome.org/show_bug.cgi?id=701974
  Bug 701974 – x11: trap errors when calling XIQueryDevice
- http://www.openwall.com/lists/oss-security/2013/06/19/1
  oss-security - Re: CVE request: gnome-shell crash, screen unlock on resume
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html
  openSUSE-SU-2013:1540-1: moderate: clutter: fixed a crash after system r [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=980111
  980111 – (CVE-2013-2190) CVE-2013-2190 clutter: Improper translation of hierarchy events (gnome-shell crash after system resume)