CVE-2015-8025 — Xscreensaver vulnerability

CWE-2649 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 82.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xscreensaver Debian Xscreensaver Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 10

Latest updateMay 17

Description

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xscreensaver< xscreensaver 5.34-1 (bookworm)

▶Debianxscreensaver/xscreensaver< 5.34-1+3

▶NVDxscreensaver_project/xscreensaver5.33

Also affects: Ubuntu Linux 12.04

🔴Vulnerability Details

GHSA

GHSA-gfx7-7vxh-f4g8: driver/subprocs↗2022-05-17

▶

OSV

CVE-2015-8025: driver/subprocs↗2015-11-10

▶

📋Vendor Advisories

Ubuntu

XScreenSaver vulnerability↗2015-11-03

▶

Debian

CVE-2015-8025: xscreensaver - driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an inter...↗2015

▶

💬Community

Bugzilla

CVE-2015-8025 xscreensaver: crash when unpluging second monitor cable while asking for password [epel-6]↗2015-10-30

▶

Bugzilla

CVE-2015-8025 xscreensaver: crash when unpluging second monitor cable while asking for password↗2015-10-30

▶

Bugzilla

xscreensaver: Unplugging HDMI cable can cause lock bypass↗2015-10-29

▶

Bugzilla

Xscreensaver lock bypass↗2015-10-22

▶