Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-27837 - log back

CVE-2020-27837 edited at 22 Dec 2020 11:21:18

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Authentication bypass

Description

+

A security issue was found in gdm before version 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

References

+	https://bugzilla.redhat.com/show_bug.cgi?id=1906812
+	https://gitlab.gnome.org/GNOME/gdm/-/issues/660
+	https://gitlab.gnome.org/GNOME/gdm/-/commit/9b6d9b24a5f69674447c7bc9aacfab0988b914bd

Notes

CVE-2020-27837 created at 22 Dec 2020 11:19:29