CVE-2020-27837
28.12.2020, 19:15
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 𝑥 < 3.38.2.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gdm |
| ||||||||||||||||||||||||
| gdm-devel |
| ||||||||||||||||||||||||
| gdm-lang |
| ||||||||||||||||||||||||
| gdm-schema |
| ||||||||||||||||||||||||
| gdm-systemd |
| ||||||||||||||||||||||||
| gdmflexiserver |
| ||||||||||||||||||||||||
| libgdm1 |
| ||||||||||||||||||||||||
| typelib-1_0-Gdm-1_0 |
|