A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1906812 | Issue Tracking Patch Third Party Advisory |
Configurations
History
30 Dec 2020, 15:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1906812 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 6.4 |
28 Dec 2020, 19:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-28 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27837
Mitre link : CVE-2020-27837
CVE.ORG link : CVE-2020-27837
JSON object : View
Products Affected
gnome
- gnome_display_manager
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')