CVE-2014-7300

2014-12-2521:59:02

CWE-399

mitre

web.nvd.nist.gov

cve-2014-7300

gnome shell

screen lock

memory consumption

prtsc requests

linux kernel

oom killer

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Affected configurations

Nvd

Node

gnomegnome-shellMatch3.14.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
gnomegnome-shell3.14.0cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_hpc_node7.0cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	gnome-shell	3.14.0	cpe:2.3:a:gnome:gnome-shell:3.14.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_hpc_node	7.0	cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*