CVE-2014-7272

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
sddm_projectsddm
𝑥
< 0.10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sddm
bullseye
0.19.0-3
fixed
bookworm
0.19.0-5
fixed
sid
0.21.0-1.1
fixed
trixie
0.21.0-1.1
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html
http://www.openwall.com/lists/oss-security/2014/10/06/4
https://bugzilla.redhat.com/show_bug.cgi?id=1149610
https://github.com/sddm/sddm/pull/280
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html
http://www.openwall.com/lists/oss-security/2014/10/06/4
https://bugzilla.redhat.com/show_bug.cgi?id=1149610
https://github.com/sddm/sddm/pull/280