Since then, all Linux Mint distributions using a Cinnamon version of 4.2 and later are vulnerable to this bypass. Lefebvre said the bug was introduced in the Linux Mint OS when the project patched another vulnerability last October, tracked as CVE-2020-25712.
More specifically, the bug occurs when users press the " ē" key on the on-screen keyboard.īut while in most scenarios, the bug crashes the Cinnamon desktop process, if the on-screen keyboard is opened from the screensaver, the bug crashes the screensaver instead, allowing users to access the underlying desktop. Bug source: Pressing the ē key on the OSKĪccording to Linux Mint lead developer Clement Lefebvre, the issue was eventually tracked down to libcaribou, the on-screen keyboard (OSK) component that ships with Cinnamon, the desktop interface used by Linux Mint. "I thought it was a unique incident, but they managed to do it a second time," the user added.
"A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere while I was standing behind them looking at them play," wrote a user identifying themselves as robo2bobo.Īccording to the bug report, the two kids pressed random keys on both the physical and on-screen keyboards, which eventually led to a crash of the Linux Mint screensaver, allowing the two access to the desktop. This particularly nasty security flaw was discovered by two kids playing on their dad's computer, according to a bug report on GitHub. One of the best ways to learn is via a Linux Foundation course. Want a good tech job? Then you need to know Linux and open-source software. Google Drive alternative: Decentralized and encrypted