CVE-2014-7300
First published: Thu Dec 25 2014(Updated: )
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Yaru Theme for GNOME Shell | =3.14.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2014/09/29/17
- http://rhn.redhat.com/errata/RHSA-2015-0535.html
- https://bugzilla.gnome.org/show_bug.cgi?id=737456
- https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013
- https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378
Frequently Asked Questions
What is the severity of CVE-2014-7300?
CVE-2014-7300 is classified as a high severity vulnerability due to its potential to allow arbitrary command execution.
How do I fix CVE-2014-7300?
To address CVE-2014-7300, update GNOME Shell to version 3.14.1 or later.
Which software is affected by CVE-2014-7300?
CVE-2014-7300 affects GNOME Shell versions 3.14.0 and is also relevant for Red Hat Enterprise Linux 7.0.
What are the risks associated with CVE-2014-7300?
The risks include unauthorized access to an unattended workstation by executing arbitrary commands.
Can CVE-2014-7300 be exploited remotely?
CVE-2014-7300 requires physical proximity, making it less likely to be exploited remotely.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnome
- canonical/ubuntu yaru theme for gnome shell
- version/ubuntu yaru theme for gnome shell/3.14.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0