CVE-2020-27837

6.4MEDIUM

Key Information:

Vendor: Gnome
Status: Gdm
Vendor: CVE Published:; 28 December 2020

Summary

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Affected Version(s)

gdm prior to 3.38.2.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1906812

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2020
Vulnerability Reserved
Oct 27, 2020