Gnome Display Manager
CVE-2018-14424
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
AnalysisAI
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. Affected products include: Gnome Gnome Display Manager. Version information: through 3.29.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Gnome Display Manager
View allgdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service v
A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authenti
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlin
A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authen
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a deni
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today