Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel’s underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of “a new feature, not a CVE.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gnome-settings-daemon | <= 43.0-4 | gnome-settings-daemon_43.0-4_all.deb |
Debian | 11 | all | gnome-settings-daemon | <= 3.38.2-1 | gnome-settings-daemon_3.38.2-1_all.deb |
Debian | 999 | all | gnome-settings-daemon | <= 47~beta-1 | gnome-settings-daemon_47~beta-1_all.deb |
Debian | 13 | all | gnome-settings-daemon | <= 47~beta-1 | gnome-settings-daemon_47~beta-1_all.deb |