A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.
CPE | Name | Operator | Version |
---|---|---|---|
gdm | eq | 3.7.91 | |
gdm | eq | 3.15.92 | |
gdm | eq | 3.7.3.1 | |
gdm | eq | GDM2_2_15_8 | |
gdm | eq | GDM2_2_18_0 | |
gdm | eq | GDM2_2_13_0_6 | |
gdm | eq | 3.4.0.1 | |
gdm | eq | GDM2_2_4_2_99 | |
gdm | eq | GDM2_2_13_0_10 | |
gdm | eq | 3.9.90 |