Lucene search

K
cve[email protected]CVE-2021-20315
HistoryFeb 18, 2022 - 6:15 p.m.

CVE-2021-20315

2022-02-1818:15:08
CWE-667
web.nvd.nist.gov
39
cve-2021-20315
centos stream 8
gnome
locking protection bypass
nvd
security flaw

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

19.9%

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the “Application menu” or “Window list” GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

Affected configurations

Vulners
NVD
Node
gnomegnome-shellRange3.32.2
VendorProductVersionCPE
gnomegnome\-shell*cpe:2.3:a:gnome:gnome\-shell:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "gnome-shell",
    "versions": [
      {
        "version": "gnome-shell 3.32.2-40.el8",
        "status": "affected"
      }
    ]
  }
]

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

19.9%