CVE-2015-7496

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
gnomegnome_display_manager
𝑥
≤ 3.18.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gdm3
bookworm
43.0-3
fixed
bullseye
3.38.2.1-1
fixed
jessie
not-affected
sid
47.0-3
fixed
squeeze
not-affected
trixie
47.0-3
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdm
artful
dne
bionic
dne
cosmic
dne
disco
dne
precise
ignored
trusty
dne
vivid
ignored
wily
ignored
xenial
dne
yakkety
dne
zesty
dne
gdm3
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
dne
trusty
dne
vivid
dne
wily
dne
xenial
not-affected
yakkety
ignored
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gdm
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
gdm-devel
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
gdm-lang
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
gdm-schema
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
gdm-systemd
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
gdmflexiserver
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
libgdm1
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
typelib-1_0-Gdm-1_0
suse enterprise desktop 15
3.26.2.1-11.17
fixed
suse enterprise desktop 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise desktop 15 SP2
3.34.1-6.19
fixed
suse enterprise desktop 15 SP3
3.34.1-8.15.1
fixed
suse enterprise desktop 15 SP4
41.3-150400.2.7
fixed
suse enterprise desktop 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise desktop 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise desktop 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise sap 15
3.26.2.1-11.17
fixed
suse enterprise sap 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise sap 15 SP2
3.34.1-6.19
fixed
suse enterprise sap 15 SP3
3.34.1-8.15.1
fixed
suse enterprise sap 15 SP4
41.3-150400.2.7
fixed
suse enterprise sap 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise sap 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise sap 15 SP7
45.0.1-150700.10.7
fixed
suse enterprise server 15
3.26.2.1-11.17
fixed
suse enterprise server 15 SP1
3.26.2.1-13.19.2
fixed
suse enterprise server 15 SP2
3.34.1-6.19
fixed
suse enterprise server 15 SP3
3.34.1-8.15.1
fixed
suse enterprise server 15 SP4
41.3-150400.2.7
fixed
suse enterprise server 15 SP5
41.3-150400.4.6.1
fixed
suse enterprise server 15 SP6
45.0.1-150600.4.3
fixed
suse enterprise server 15 SP7
45.0.1-150700.10.7
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gdm
RHEL 7
1:3.22.3-11.el7
fixed
gdm-devel
RHEL 7
1:3.22.3-11.el7
fixed
gnome-session
RHEL 7
0:3.22.3-4.el7
fixed
gnome-session-custom-session
RHEL 7
0:3.22.3-4.el7
fixed
gnome-session-xsession
RHEL 7
0:3.22.3-4.el7
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html
http://www.openwall.com/lists/oss-security/2015/11/17/10
http://www.openwall.com/lists/oss-security/2015/11/17/8
https://access.redhat.com/errata/RHSA-2017:2128
https://bugzilla.gnome.org/show_bug.cgi?id=758032
https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html
http://www.openwall.com/lists/oss-security/2015/11/17/10
http://www.openwall.com/lists/oss-security/2015/11/17/8
https://access.redhat.com/errata/RHSA-2017:2128
https://bugzilla.gnome.org/show_bug.cgi?id=758032
https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news