First published: Tue Sep 21 2021(Updated: )
A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME gnome-shell | <3.32.2 | |
CentOS Stream | =8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this flaw is CVE-2021-20315.
The affected software is GNOME gnome-shell and CentOS Stream 8.
The severity of CVE-2021-20315 is medium.
This vulnerability allows a physical attacker who has access to a locked system to kill existing applications and start new ones.
Yes, please refer to the provided reference for information on the fix.