CVE-2012-0064 — Config Project Xkeyboard-config vulnerability

CWE-2648 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 76.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X.org X11 Xkeyboard Config Project Xkeyboard-config

Timeline

PublishedFeb 10

Latest updateMay 4

Description

xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDxkeyboard_config_project/xkeyboard-config2.4+4

▶Debianx.org/xorg-server< 2:1.11.3.901-2+3

▶NVDx/x.org_x117.5+21

🔴Vulnerability Details

GHSA

GHSA-h73q-jx23-45rq: xkeyboard-config before 2↗2022-05-04

▶

OSV

CVE-2012-0064: xkeyboard-config before 2↗2014-02-10

▶

CVEList

CVE-2012-0064: xkeyboard-config before 2↗2014-02-10

▶

📋Vendor Advisories

Red Hat

xkeyboard-config: screen-saver unlock via xkb debug key actions↗2012-01-19

▶

Debian

CVE-2012-0064: xorg-server - xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging fu...↗2012

▶

💬Community

Bugzilla

CVE-2012-0064 xkeyboard-config: screen-saver unlock via xkb debug key actions [fedora-16]↗2012-01-19

▶

Bugzilla

CVE-2012-0064 xkeyboard-config: screen-saver unlock via xkb debug key actions↗2012-01-19

▶