CVE-2016-10894
Last modified
CVE-2016-10894 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xtrlock Project | Xtrlock | <= 2.10 |
| Debian | Debian Linux | 8.0 |
References
- https://bugs.debian.org/830726Issue Tracking, Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/10/msg00019.htmlMailing List, Third Party Advisory
- https://bugs.debian.org/830726Issue Tracking, Patch, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/10/msg00019.htmlMailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10894?
How severe is CVE-2016-10894?
How do I fix CVE-2016-10894?
Are you affected by CVE-2016-10894?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST