CVE-2015-7496 – gdm: Crash when holding Escape in log screen

https://notcve.org/view.php?id=CVE-2015-7496

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. GNOME Display Manager (gdm) en versiones anteriores a 3.18.2 permite a atacantes físicamente próximos eludir la pantalla de bloqueo manteniendo pulsada la tecla Escape. It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html http://www.openwall.com/lists/oss-security/2015/11/17/10 http://www.openwall.com/lists/oss-security/2015/11/17/8 https://access.redhat.com/errata/RHSA-2017:2128 https://bugzilla.gnome.org/show_bug.cgi?id=758032 https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news https://access.redhat.com/security/cve/CVE-2015-7496 https://bugzilla.redhat.com/show_bug.cgi?id=1283279 • CWE-264: Permissions, Privileges, and Access Controls CWE-364: Signal Handler Race Condition •