Bug 1191181 (CVE-2021-20315)

Summary: VUL-0: CVE-2021-20315: gnome-shell: locking protection bypass allows unauthorized user to kill existing applications or start new ones
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: abergmann, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/310671/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2021-09-30 11:39:40 UTC
rh#2006285

When locking the screen, the application menu bar and the window list at the bottom of the screen are visible. The user has the ability to kill open windows and also start applications when the machine is locked.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2006285
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20315

Comment 1 Alexander Bergmann 2021-09-30 11:41:01 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=2006285#c3

This issue was only ever present in CentOS 8 Stream, in particular in gnome-shell-3.32.2-39.el8.x86_64. No released RHEL version was ever affected by this.


Not affecting SLE / openSUSE. Closing bug as invalid.