CVE-2014-7300

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome-shell
Vendor: CVE Published:; 25 December 2014

Summary

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

References

https://git.gnome.org/browse/gnome-shell/commit/?id=a72dc...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-0535.html

vendor-advisoryx_refsource_REDHAT

https://git.gnome.org/browse/gnome-shell/commit/?id=f02b0...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 25, 2014
Vulnerability Reserved
Oct 2, 2014