Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2014-7300

Published: Dec 25, 2014 | Modified: Aug 31, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
3.6 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:P
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2014-7300
CWEhttps://cwe.mitre.org/data/definitions/399.html

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Affected Software

Name Vendor Start Version End Version
Gnome-shell Gnome 3.14.0 (including) 3.14.0 (including)
Red Hat Enterprise Linux 7 RedHat clutter-0:1.14.4-12.el7 *
Red Hat Enterprise Linux 7 RedHat cogl-0:1.14.0-6.el7 *
Red Hat Enterprise Linux 7 RedHat gnome-shell-0:3.8.4-45.el7 *
Red Hat Enterprise Linux 7 RedHat mutter-0:3.8.4-16.el7 *
Gnome-shell Ubuntu lucid *
Gnome-shell Ubuntu precise *
Gnome-shell Ubuntu trusty *
Gnome-shell Ubuntu upstream *
Gnome-shell Ubuntu utopic *
Gnome-shell Ubuntu vivid *
Gnome-shell Ubuntu wily *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use