Gnome: >> Gnome Display Manager >> 3.33.92 Security Vulnerabilities
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-12-28
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVSS Score
7.2
EPSS Score
0.176
Published
2020-11-10