CVE-2022-40297
First published: Thu Sep 08 2022(Updated: )
** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Touch | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-40297?
The severity of CVE-2022-40297 is disputed, but it presents a potential security risk due to low passcode complexity.
How does CVE-2022-40297 affect Ubuntu Touch 16.04?
CVE-2022-40297 allows the screen-unlock passcode to be used for gaining privileged access via Sudo.
How can I mitigate CVE-2022-40297?
Mitigation of CVE-2022-40297 involves increasing the complexity requirements for screen-unlock passcodes.
Is there a patch available for CVE-2022-40297?
As of now, there is no official patch released to address CVE-2022-40297.
What should users of Ubuntu Touch 16.04 do regarding CVE-2022-40297?
Users of Ubuntu Touch 16.04 should be aware of the vulnerability and consider using more secure alternatives or additional security measures.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/status
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- status/disputed
- vendor/ubports
- canonical/ubuntu touch
- version/ubuntu touch/16.04