CVE-2014-7300 — Improper Authorization in Gnome-shell

CWE-399 CWE-285 — Improper Authorization CWE-770 — Allocation of Resources Without Limits or Throttling CWE-305 — Authentication Bypass by Primary Weakness8 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 86.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnome-shell Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node +2 more

Timeline

PublishedDec 25

Latest updateMay 17

Description

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶Debiangnome/gnome-shell< 3.14.1-1+3

▶NVDgnome/gnome-shell3.14.0

▶NVDredhat/enterprise_linux_workstation7.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-gg6w-rmxx-j7xr: GNOME Shell 3↗2022-05-17

▶

OSV

CVE-2014-7300: GNOME Shell 3↗2014-12-25

▶

CVEList

CVE-2014-7300: GNOME Shell 3↗2014-12-25

▶

📋Vendor Advisories

Red Hat

gnome-shell: lockscreen bypass with printscreen key↗2014-09-27

▶

Debian

CVE-2014-7300: gnome-shell - GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not...↗2014

▶

💬Community

Bugzilla

CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key [rhel-7.1]↗2014-10-17

▶

Bugzilla

CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key↗2014-09-30

▶