Vulnerability Name:

CVE-2016-2312 (CCN-110576)

Assigned:2016-02-19
Published:2016-02-19
Updated:2018-10-30
Summary:Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVSS v3 Severity:6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-254
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2016-2312

Source: FEDORA
Type: Third Party Advisory
FEDORA-2016-2302ed02a7

Source: FEDORA
Type: Third Party Advisory
FEDORA-2016-17670e1b90

Source: CCN
Type: oss-sec Mailing List, Tue, 09 Feb 2016 23:26:32 +0100
KDE Plasma vulnerability: need CVE

Source: CCN
Type: oss-sec Mailing List, Tue, 9 Feb 2016 18:37:26 -0500 (EST)
Re: KDE Plasma vulnerability: need CVE

Source: MISC
Type: Vendor Advisory
https://bugs.kde.org/show_bug.cgi?id=358125

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.opensuse.org/show_bug.cgi?id=964548

Source: CCN
Type: Red Hat Bugzilla – Bug 1306295
CVE-2016-2312 plasma-workspace: kscreenlocker: Lock screen bypass

Source: XF
Type: UNKNOWN
plasma-workspace-cve20162312-sec-bypass(110576)

Source: CCN
Type: KDE Project Security Advisory 20160209-1
plasma-workspace, kscreenlocker: Lock screen bypass

Source: CONFIRM
Type: Vendor Advisory
https://www.kde.org/info/security/advisory-20160209-1.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-2312

Vulnerable Configuration:Configuration 1:
  • cpe:/a:kde:kscreenlocker:*:*:*:*:*:*:*:* (Version <= 5.5.4)
  • OR cpe:/a:kde:plasma-workspace:*:*:*:*:*:*:*:* (Version <= 5.4.3)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:42.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20162312
    V
    		CVE-2016-2312
    2022-06-30
    oval:org.opensuse.security:def:112521
    P
    		kscreenlocker-5.8.4-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106012
    P
    		kscreenlocker-5.8.4-1.1 on GA media (Moderate)
    2021-10-01
    oval:com.ubuntu.xenial:def:201623120000000
    V
    		CVE-2016-2312 on Ubuntu 16.04 LTS (xenial) - low.
    2016-12-23
    oval:com.ubuntu.artful:def:20162312000
    V
    		CVE-2016-2312 on Ubuntu 17.10 (artful) - low.
    2016-12-23
    oval:com.ubuntu.bionic:def:20162312000
    V
    		CVE-2016-2312 on Ubuntu 18.04 LTS (bionic) - low.
    2016-12-23
    oval:com.ubuntu.cosmic:def:201623120000000
    V
    		CVE-2016-2312 on Ubuntu 18.10 (cosmic) - low.
    2016-12-23
    oval:com.ubuntu.cosmic:def:20162312000
    V
    		CVE-2016-2312 on Ubuntu 18.10 (cosmic) - low.
    2016-12-23
    oval:com.ubuntu.bionic:def:201623120000000
    V
    		CVE-2016-2312 on Ubuntu 18.04 LTS (bionic) - low.
    2016-12-23
    oval:com.ubuntu.xenial:def:20162312000
    V
    		CVE-2016-2312 on Ubuntu 16.04 LTS (xenial) - low.
    2016-12-23
    BACK
    kde kscreenlocker *
    kde plasma-workspace *
    fedoraproject fedora 22
    fedoraproject fedora 23
    opensuse leap 42.1