gdm3 is vulnerable to timing attacks. The vulnerability exists through a race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication.
CPE | Name | Operator | Version |
---|---|---|---|
gdm3:sid | eq | 3.38.2-1 | |
gdm3:bullseye | eq | 3.38.2-1 |