CVE-2014-5195

high

Description

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95199

https://bugs.launchpad.net/unity/7.2/+bug/1349128

http://www.ubuntu.com/usn/USN-2303-1

http://www.securityfocus.com/bid/68987

http://www.osvdb.org/109788

Details

Source: Mitre, NVD

Published: 2014-08-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

EPSS

EPSS: 0.00043