CVE-2018-14424
published 2018-08-14CVE-2018-14424: The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to…
PriorityP336high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.53%
40.8th percentile
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdm3 | < gdm3 3.28.2-4 (bookworm) | gdm3 3.28.2-4 (bookworm) |
| gnome | gnome_display_manager | <= 3.29.1 | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c4j5-hwcp-h2qq: The daemon in GDM through 3
ghsa_unreviewed·2022-05-14
CVE-2018-14424 [HIGH] CWE-416 GHSA-c4j5-hwcp-h2qq: The daemon in GDM through 3
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
OSV
CVE-2018-14424: The daemon in GDM through 3
osv·2018-08-14·CVSS 7.8
CVE-2018-14424 [HIGH] CVE-2018-14424: The daemon in GDM through 3
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Red Hat
gdm: use-after-free in the GDM daemon
vendor_redhat·2018-08-13·CVSS 7.8
CVE-2018-14424 [HIGH] CWE-416 gdm: use-after-free in the GDM daemon
gdm: use-after-free in the GDM daemon
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Package: gdm (Red Hat Enterprise Linux 6) - Not affected
Package: gdm (Red Hat Enterprise Linux 7) - Will not fix
Package: gdm (Red Hat Enterprise Linux 8) - Not affected
Ubuntu
GDM vulnerability
vendor_ubuntu·2018-08-13
CVE-2018-14424 GDM vulnerability
Title: GDM vulnerability
Summary: GDM could be made to crash or run programs as the administrator.
A use-after-free was discovered in GDM. A local user could exploit this to
cause a denial of service, or potentially execute arbitrary code as the
administrator.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Debian
CVE-2018-14424: gdm3 - The daemon in GDM through 3.29.1 does not properly unexport display objects from...
vendor_debian·2018·CVSS 7.8
CVE-2018-14424 [HIGH] CVE-2018-14424: gdm3 - The daemon in GDM through 3.29.1 does not properly unexport display objects from...
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Scope: local
bookworm: resolved (fixed in 3.28.2-4)
bullseye: resolved (fixed in 3.28.2-4)
forky: resolved (fixed in 3.28.2-4)
sid: resolved (fixed in 3.28.2-4)
trixie: resolved (fixed in 3.28.2-4)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14424 gdm: use-after-free in the GDM daemon [fedora-all]
bugzilla·2018-08-13·CVSS 7.8
CVE-2018-14424 [HIGH] CVE-2018-14424 gdm: use-after-free in the GDM daemon [fedora-all]
CVE-2018-14424 gdm: use-after-free in the GDM daemon [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2018-14424 gdm: use-after-free in the GDM daemon
bugzilla·2018-07-20·CVSS 7.8
CVE-2018-14424 [HIGH] CVE-2018-14424 gdm: use-after-free in the GDM daemon
CVE-2018-14424 gdm: use-after-free in the GDM daemon
A flaw was found in GDM daemon. A use-after-free in the GDM daemon, which is possible to trigger via a specially crafted sequence of D-Bus method calls as an unprivileged user.
Discussion:
Acknowledgments:
Name: Chris Coulson (Ubuntu Security)
---
Upstream bug:
https://gitlab.gnome.org/GNOME/gdm/issues/401
---
Created gdm tracking bugs for this issue:
Affects: fedora-all [bug 1615446]
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2018-14424
http://www.securityfocus.com/bid/105179https://gitlab.gnome.org/GNOME/gdm/issues/401https://lists.debian.org/debian-lts-announce/2018/09/msg00003.htmlhttps://usn.ubuntu.com/3737-1/https://www.debian.org/security/2018/dsa-4270http://www.securityfocus.com/bid/105179https://gitlab.gnome.org/GNOME/gdm/issues/401https://lists.debian.org/debian-lts-announce/2018/09/msg00003.htmlhttps://usn.ubuntu.com/3737-1/https://www.debian.org/security/2018/dsa-4270
2018-08-14
Published