Vulnerability CVE-2020-27837: Information

Description

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Severity: MEDIUM (6.4) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-27837

Published: Dec. 28, 2020

Modified: Dec. 30, 2020

Error type identifier: CWE-362

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
gdm	sisyphus	3.38.2.1-alt1	46.0-alt1	ALT-PU-2020-3514-1	263493	Fixed
gdm	p10	3.38.2.1-alt1	40.1-alt2	ALT-PU-2020-3514-1	263493	Fixed
gdm	c10f1	3.38.2.1-alt1	40.1-alt2	ALT-PU-2020-3514-1	263493	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1906812	Issue Tracking Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*
  End excliding
  3.38.2.1

Version: v24.4.2

Vulnerability CVE-2020-27837: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1