Locking Protection Bypass Vulnerability in GNOME Shell by CentOS
CVE-2021-20315
6.1 MEDIUM
Summary
A vulnerability exists in GNOME Shell as included in CentOS Stream 8 that allows a physical attacker with access to a locked system to bypass locking protections. By exploiting this flaw, an attacker can forcibly terminate existing applications and initiate new ones under the context of the locked user, despite the session remaining locked. This highlights the importance of securing physical access to systems to prevent unauthorized manipulation of sessions.
Affected Version(s)
gnome-shell gnome-shell 3.32.2-40.el8
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved