GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2014/09/29/17 | Mailing List, Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0535.html | Third Party Advisory |
https://bugzilla.gnome.org/show_bug.cgi?id=737456 | Issue Tracking, Vendor Advisory |
https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013 | Issue Tracking, Patch |
https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378 | Issue Tracking, Patch |
History
21 Nov 2024, 02:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://openwall.com/lists/oss-security/2014/09/29/17 - Mailing List, Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2015-0535.html - Third Party Advisory | |
References | () https://bugzilla.gnome.org/show_bug.cgi?id=737456 - Issue Tracking, Vendor Advisory | |
References | () https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013 - Issue Tracking, Patch | |
References | () https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378 - Issue Tracking, Patch |
Information
Published : 2014-12-25 21:59
Updated : 2024-11-21 02:16
NVD link : CVE-2014-7300
Mitre link : CVE-2014-7300
CVE.ORG link : CVE-2014-7300
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_hpc_node
- enterprise_linux_workstation
- enterprise_linux_server
gnome
- gnome-shell
CWE
CWE-399
Resource Management Errors