7.2

CVE-2014-7300

EPSS 0.04%
Published 25.12.2014 21:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Gnome-shell Version3.14.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Hpc Node Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://openwall.com/lists/oss-security/2014/09/29/17

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2015-0535.html

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=737456

Vendor Advisory

Issue Tracking

https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013

Patch

Issue Tracking

https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-7300

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7300

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7300

EUVD