Kids at play discover bug that could unlock Linux Mint

Linux Mint contained a vulnerability that allowed the screen lock to be bypassed. The vulnerability was in the libcaribou library in the Cinnamon interface. Remarkably, the bug was discovered after a few kids played with it.

The issue is described in a bug report submitted by a user. He tells how he tried to get his kids to hack into his desktop and how they suddenly bypassed the lock screen by tapping and clicking random places. The user also managed to reproduce the issue multiple times.

In the end, the problem turned out to be in the libcaribou library. That’s the part in desktop interface Cinnamon that calls up the virtual keyboard. More specifically, the bug occurs when users type the letter ē on that keyboard. If that keyboard is open on the lock screen, that screen crashes and users can access the desktop.

The bug arose after Mint released a security update last year. Since then, all versions of Linux Mint with Cinnamon 4.2 or later are vulnerable. A patch is now available.