CVE-2021-20315
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
Se ha encontrado un fallo de omisión de la protección de bloqueo en algunas versiones de gnome-shell tal y como se distribuye en CentOS Stream 8, cuando las extensiones de GNOME "Application menu" o "Window list" están habilitadas. Este fallo permite a un atacante físico que tenga acceso a un sistema bloqueado matar las aplicaciones existentes e iniciar otras nuevas como el usuario bloqueado, incluso si la sesión sigue bloqueada
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2022-02-18 CVE Published
- 2023-09-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2006285 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Gnome-shell Search vendor "Gnome" for product "Gnome-shell" | < 3.32.2 Search vendor "Gnome" for product "Gnome-shell" and version " < 3.32.2" | - |
Affected
| ||||||
| Centos Search vendor "Centos" | Stream Search vendor "Centos" for product "Stream" | 8 Search vendor "Centos" for product "Stream" and version "8" | - |
Affected
| ||||||