CVE-2010-0732 — Race Condition in GTK

CWE-362 — Race Condition CWE-662 — Improper Synchronization CWE-672 — Operation on a Resource after Expiration or Release CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-305 — Authentication Bypass by Primary Weakness7 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 87.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GTK Gnome Screensaver

Timeline

PublishedMar 19

Latest updateMay 2

Description

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages2 packages

▶NVDgnome/screensaver< 2.28.1

▶NVDgnome/gtk< 2.18.5

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-xm6w-hhcm-7v7g: gdk/gdkwindow↗2022-05-02

▶

CVEList

CVE-2010-0732: gdk/gdkwindow↗2010-03-19

▶

OSV

CVE-2010-0732: gdk/gdkwindow↗2010-03-19

▶

📋Vendor Advisories

Debian

CVE-2010-0732: gtk+2.0 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28....↗2010

▶

Red Hat

gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen↗2009-10-14

▶

💬Community

Bugzilla

CVE-2010-0732 gnome-screensaver: Race condition between shaking the unlock dialog and clearing the screen↗2010-02-15

▶