Lucene search

[email protected]CVE-2009-4997

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4997

2022-10-0316:24:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-4997

gnome-power-manager

lock_on_suspend

lock_on_hibernate

screen lock

physical access

vulnerability

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.5%

JSON

gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.

Affected configurations

NVD

Node

gnomepower_managerMatch2.27.92

CPENameOperatorVersion
gnome:power_managergnome power managereq2.27.92

CPE	Name	Operator	Version
gnome:power_manager	gnome power manager	eq	2.27.92

References

bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052

bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/428115

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2009-4997

prion3 cvelist4 ubuntucve4 debiancve3 nvd4 nessus1 cve3