CVE-2014-7300

gnome-shell: lockscreen bypass with printscreen key

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

GNOME Shell 3.14.x anterior a 3.14.1, cuando se utiliza la característica Screen Lock, no se limita el consumo de memoria para todas las peticiones activas PrtSc , lo que permite a atacantes cercanos físicamente ejecutar comandos arbitrarios en una estación de trabajo desatendida haciendo numerosas peticiones PrtSc y aprovechando un bloqueo temporal, y la disponibilidad de una shell resultante temporal, causada por Linux kernel OOM killer.

It was found that the Gnome shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large amount of screenshots.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-10-02 CVE Reserved
2014-12-25 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-305: Authentication Bypass by Primary Weakness
CWE-399: Resource Management Errors

CAPEC

References (7)

URL	Tag	Source
http://openwall.com/lists/oss-security/2014/09/29/17	Mailing List

URL	Date	SRC

URL	Date	SRC
https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013	2016-08-31
https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378	2016-08-31

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-0535.html	2016-08-31
https://bugzilla.gnome.org/show_bug.cgi?id=737456	2016-08-31
https://access.redhat.com/security/cve/CVE-2014-7300	2015-03-05
https://bugzilla.redhat.com/show_bug.cgi?id=1147917	2015-03-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Gnome-shell Search vendor "Gnome" for product "Gnome-shell"				3.14.0 Search vendor "Gnome" for product "Gnome-shell" and version "3.14.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Hpc Node Search vendor "Redhat" for product "Enterprise Linux Hpc Node"				7.0 Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected