Lucene search

Ubuntu.comUB:CVE-2021-20315

HistoryFeb 18, 2022 - 12:00 a.m.

CVE-2021-20315

2022-02-1800:00:00

ubuntu.com

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

A locking protection bypass flaw was found in some versions of gnome-shell
as shipped within CentOS Stream 8, when the “Application menu” or “Window
list” GNOME extensions are enabled. This flaw allows a physical attacker
who has access to a locked system to kill existing applications and start
new ones as the locked user, even if the session is still locked.

Notes

Author	Note
alexmurray	This issue was specific to Centos 8 Stream, in particular as a result of the backport done in https://bugzilla.redhat.com/show_bug.cgi?id=1651378 so does not affect gnome-shell as packaged in Ubuntu

References

bugzilla.redhat.com/show_bug.cgi?id=2006285

launchpad.net/bugs/cve/CVE-2021-20315

nvd.nist.gov/vuln/detail/CVE-2021-20315

security-tracker.debian.org/tracker/CVE-2021-20315

www.cve.org/CVERecord?id=CVE-2021-20315

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

20.4%

JSON

Related for UB:CVE-2021-20315