Vulnerability CVE-2020-27837: Information
Description
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
Severity: MEDIUM (6.4) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gdm | sisyphus | 3.38.2.1-alt1 | 46.0-alt1 | ALT-PU-2020-3514-1 | 263493 | Fixed |
gdm | p10 | 3.38.2.1-alt1 | 40.1-alt2 | ALT-PU-2020-3514-1 | 263493 | Fixed |
gdm | c10f1 | 3.38.2.1-alt1 | 40.1-alt2 | ALT-PU-2020-3514-1 | 263493 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1906812 | |