UBUNTU-CVE-2020-27837

Source
https://ubuntu.com/security/CVE-2020-27837
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-27837.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-27837
Published
2020-12-28T19:15:00Z
Modified
2024-10-15T14:07:46Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Affected packages

Ubuntu:20.04:LTS / gdm3

Package

Name
gdm3
Purl
pkg:deb/ubuntu/gdm3?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.34.1-1ubuntu1
3.36.3-0ubuntu0.20.04.1
3.36.3-0ubuntu0.20.04.2
3.36.3-0ubuntu0.20.04.3
3.36.3-0ubuntu0.20.04.4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / gdm3

Package

Name
gdm3
Purl
pkg:deb/ubuntu/gdm3?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

Other

41~rc-0ubuntu2

41.*

41.0-3ubuntu1
41.0-3ubuntu2
41.3-1ubuntu1
41.3-1ubuntu2
41.3-1ubuntu3

42.*

42.0-1ubuntu1
42.0-1ubuntu2
42.0-1ubuntu4
42.0-1ubuntu6
42.0-1ubuntu7
42.0-1ubuntu7.22.04.1
42.0-1ubuntu7.22.04.2
42.0-1ubuntu7.22.04.3
42.0-1ubuntu7.22.04.4

Ecosystem specific

{
    "ubuntu_priority": "low"
}