Fluid Attacks Database

Description

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gnome-shell	>=0 <3.14.1-1	3.14.1-1
debian 11	gnome-shell	>=0 <3.14.1-1	3.14.1-1
debian 13	gnome-shell	>=0 <3.14.1-1	3.14.1-1
debian 14	gnome-shell	>=0 <3.14.1-1	3.14.1-1
rpm rhel7	cogl	<0:1.14.0-6.el7	0:1.14.0-6.el7
rpm rhel7	clutter	<0:1.14.4-12.el7	0:1.14.4-12.el7
rpm rhel7	gnome-shell	<0:3.8.4-45.el7	0:3.8.4-45.el7
rpm rhel7	mutter	<0:3.8.4-16.el7	0:3.8.4-16.el7

Aliases

1. CVE-2014-73002. NVD-2014-73003. OSV-DEBIAN-2014-73004. OSV-2014-73005. SECURITY-TRACKER-CVE-2014-7300

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.