cbcvebase.
CVE-2020-27837
published 2020-12-28

CVE-2020-27837: A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a…

PriorityP425medium6.4CVSS 3.1
AVPACHPRNUINSUCHIHAH
EPSS
0.22%
13.1th percentile
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Affected

2 ranges
VendorProductVersion rangeFixed in
debiangdm3< gdm3 3.38.2.1-1 (bookworm)gdm3 3.38.2.1-1 (bookworm)
gnomegnome_display_manager< 3.38.2.13.38.2.1

CVSS provenance

nvdv3.16.4MEDIUMCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv6.4MEDIUM
vendor_debian4.1MEDIUM
vendor_redhat4.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.