Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-7300

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Published

2014-12-25T21:59:02.937

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	gnome-shell	3.14.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

http://openwall.com/lists/oss-security/2014/09/29/17 Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0535.html Third Party Advisory ([email protected])
https://bugzilla.gnome.org/show_bug.cgi?id=737456 Issue Tracking, Vendor Advisory ([email protected])
https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013 Issue Tracking, Patch ([email protected])
https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378 Issue Tracking, Patch ([email protected])
http://openwall.com/lists/oss-security/2014/09/29/17 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0535.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=737456 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)