CVE-2010-0923 — Race Condition in SC

CWE-362 — Race Condition CWE-662 — Improper Synchronization CWE-672 — Operation on a Resource after Expiration or Release CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 88.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE SC

Timeline

PublishedMar 3

Latest updateMay 2

Description

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDkde/kde_sc4.4.0

Patches

Patch: websvn.kde.org ↗Patch: websvn.kde.org ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-8jgf-9www-j7x4: Race condition in workspace/krunner/lock/lockdlg↗2022-05-02

▶

CVEList

CVE-2010-0923: Race condition in workspace/krunner/lock/lockdlg↗2010-03-03

▶

📋Vendor Advisories

Red Hat

kdebase: race condition may allow local attackers to bypass screen locking↗2010-02-12

▶

💬Community

Bugzilla

CVE-2010-0923 kdebase: race condition may allow local attackers to bypass screen locking↗2010-03-03

▶