Unrated severity · NVD Advisory · Published Sep 7, 2010 · Updated Apr 29, 2026

CVE-2009-4997

Description

gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

gnome-power-manager 2.27.92 fails to lock the screen on resume from suspend or hibernate, allowing physically proximate attackers to access unattended laptops.

Vulnerability

In gnome-power-manager version 2.27.92, the lock_on_suspend and lock_on_hibernate settings are not properly implemented, so the screen does not lock when resuming from suspend or hibernate [1][2]. This regression followed an earlier fix and affects the Karmic (9.10) release [2].

Exploitation

An attacker with physical proximity to the laptop can simply open the lid or press a resume button to wake the system from a suspended or hibernated state. No authentication is required, and the user's desktop is immediately accessible without any password prompt.

Impact

Successful exploitation grants the attacker unauthorized access to the logged-in user's session, including all open applications, files, and system functions. This compromises confidentiality and integrity, with the attacker operating at the privilege level of the unsuspecting user.

Mitigation

The provided references do not specify a fix version. Users should upgrade to a version of gnome-power-manager later than 2.27.92, if available. As a workaround, ensure that screensaver locking is enabled separately, though this may not address the resume scenario.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:gnome:power_manager:2.27.92:*:*:*:*:*:*:*
  • (no CPE) range: = 2.27.92

Patches

0

No patches discovered yet.

References

2
