CVE-2021-20315 — Vulnetix

CVE-2021-20315 REJECTED

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

EPSS 0.03% · 8.9th percentile

Risk Scores

EPSS Score

0.03%

8.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:16.04:LTS	gnome-shell	3.16.4-0ubuntu1, 3.18.1-1ubuntu1, 3.18.2-0ubuntu1

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2006285 (circl)

Timeline

Feb 18, 2022 CVE Published
Feb 19, 2022 EPSS Score
Apr 12, 2022 EPSS Score
Jun 3, 2022 EPSS Score
Jul 26, 2022 EPSS Score
Sep 16, 2022 EPSS Score
Nov 7, 2022 EPSS Score
Dec 29, 2022 EPSS Score
Feb 19, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 13, 2023 EPSS Score
Jun 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-20315 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2006285 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-20315 third-party-advisory

Open in Interactive Console →