CVE-2022-40297

Name of the Vulnerable Software and Affected Versions UBports Ubuntu Touch version 16.04

Description The issue allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, which is far below the typical length and complexity for a user account's password. A third party claims that the described attack cannot be executed as demonstrated.

Recommendations For UBports Ubuntu Touch version 16.04, consider disabling the use of the screen-unlock passcode for privileged shell access via Sudo as a temporary workaround until a patch is available. Restrict access to Sudo to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.