PT-2018-12505 · Alt Linux Team+4 · Alt Linux+3

Chris Coulson

·

Published

2018-08-13

·

Updated

2024-06-15

·

CVE-2018-14424

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GDM versions prior to 3.29.1 ALT Linux (affected versions not specified)
Description The issue arises from the daemon in GDM not properly unexporting display objects from its D-Bus interface when they are destroyed. This allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls. As a result, this can lead to a denial of service or potential code execution.
Recommendations For GDM versions prior to 3.29.1, update to version 3.29.1 or later to resolve the issue. At the moment, there is no information about a fix for ALT Linux.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-2142
ALT-PU-2018-2309
CVE-2018-14424
DLA-1494-1
DSA-4270-1
OPENSUSE-SU-2018_2818-1
OPENSUSE-SU-2024:10780-1
SUSE-SU-2018:2527-1
SUSE-SU-2018:2771-1
SUSE-SU-2018_2527-1
SUSE-SU-2018_2771-1
USN-3737-1

Affected Products

Alt Linux
Gdm
Suse
Ubuntu