CVE-2014-7300
Summary
| CVE | CVE-2014-7300 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-25 21:59:00 UTC |
| Updated | 2016-08-31 15:08:00 UTC |
| Description | GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnome | Gnome-shell | 3.14.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Hpc Node | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 737456 – lockscreen bypass by holding down printscreen key | CONFIRM | bugzilla.gnome.org | Issue Tracking, Vendor Advisory |
| oss-security - gnome-shell lockscreen bypass with printscreen key | MLIST | openwall.com | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Bump version to 3.14.1 (a72dca36) · Commits · GNOME / gnome-shell · GitLab | CONFIRM | git.gnome.org | Issue Tracking, Patch |
| shell-screenshot: Only allow one screenshot request at a time per sender (f02b0073) · Commits · GNOME / gnome-shell · GitLab | CONFIRM | git.gnome.org | Issue Tracking, Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.