PT-2015-2745 · Gnome+3 · Gnome Display Manager+3

Christoph Reiter

Published

2015-11-17

Updated

2024-06-15

CVE-2015-7496

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNOME Display Manager (gdm) versions prior to 3.18.2

Description The issue allows physically proximate attackers to bypass the lock screen by holding the Escape key. It is related to insufficient access control to files in the GNOME Display Manager graphical interface, which can be exploited by a local attacker to bypass the lock screen.

Recommendations For versions prior to 3.18.2, update to version 3.18.2 or later to resolve the issue. As a temporary workaround, consider disabling the lock screen feature until a patch is available. Restrict physical access to devices running affected versions to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2015-2006

BDU:2015-12110

CESA-2017_2128

CVE-2015-7496

MGASA-2017-0248

OPENSUSE-SU-2024:10412-1

RHSA-2017:2128

RHSA-2017_2128

Affected Products

Alt Linux

Centos

Gnome Display Manager

Red Hat

PT-2015-2745 · Gnome+3 · Gnome Display Manager+3

CVE-2015-7496

Weakness Enumeration

Related Identifiers

Affected Products

References · 33