CVE-2014-5195 Information

Description

Unity before 7.2.3 and 7.3.x before 7.3.1 as used in Ubuntu does not properly take focus of the keyboard when switching to the lock screen which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

Reference

http://www.osvdb.org/109788 http://www.securityfocus.com/bid/68987 http://www.ubuntu.com/usn/USN-2303-1 https://bugs.launchpad.net/unity/7.2/+bug/1349128 https://exchange.xforce.ibmcloud.com/vulnerabilities/95199