Bug 1191181 – VUL-0: CVE-2021-20315: gnome-shell: locking protection bypass allow unauthorized user to kill existing applications or start new ones

Bug 1191181 - (CVE-2021-20315) VUL-0: CVE-2021-20315: gnome-shell: locking protection bypass allow unauthorized user to kill existing applications or start new ones

(CVE-2021-20315)
Summary:	VUL-0: CVE-2021-20315: gnome-shell: locking protection bypass allow unauthori...

Status:	RESOLVED INVALID

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/310671/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-09-30 11:39 UTC by Alexander Bergmann
Modified:	2021-09-30 11:41 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2021-09-30 11:39:40 UTC

rh#2006285

When locking the screen the application menu bar and the window list at the bottom of the screen are visible. The user has the ability to kill open windows and also start applications when the machine is locked.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2006285
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20315

Comment 1 Alexander Bergmann 2021-09-30 11:41:01 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=2006285#c3

This issue was only ever present in Centos 8 Stream, in particular in gnome-shell-3.32.2-39.el8.x86_64 . No released RHEL version was ever affected by this.


Not affecting SLE / openSUSE. Closing bug as invalid.