CVE-2018-14424

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

References

Affected packages

Git / github.com/gnome/gdm

Affected ranges

Type

GIT

Repo

https://github.com/gnome/gdm

Events

Introduced

Last affected

354ee7e0987a0f23b148a8a857e20cdcae4d5bdc

Database specific

{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.29.1"
        }
    ]
}

Affected versions

2.*

2.27.4

2.5.4.2

3.*

3.0.0

3.1.2

3.1.90

3.1.91

3.1.92

3.10.0

3.10.0.1

3.11.2

3.11.3

3.11.4

3.11.90

3.11.92

3.11.92.1

3.12.0

3.12.1

3.12.2

3.13.91

3.13.92

3.14.0

3.14.1

3.15.2

3.15.3

3.15.3.1

3.15.90

3.15.90.1

3.15.90.2

3.15.90.3

3.15.90.4

3.15.90.5

3.15.91

3.15.91.1

3.15.91.2

3.15.92

3.16.0

3.16.0.1

3.16.1

3.16.1.1

3.17.2

3.17.3

3.17.3.1

3.17.4

3.17.90

3.17.92

3.18.0

3.19.2

3.19.4

3.19.4.1

3.19.90

3.19.91

3.19.92

3.20.0

3.20.1

3.21.2

3.21.3

3.21.4

3.21.90

3.21.91

3.22.0

3.22.1

3.23.4

3.23.91

3.23.91.1

3.23.92

3.24.0

3.24.1

3.25.3

3.25.4

3.25.4.1

3.25.90

3.25.92

3.26.0

3.26.1

3.27.3

3.27.4

3.27.90

3.27.91

3.27.92

3.28.0

3.29.1

3.3.92

3.3.92.1

3.4.0

3.4.0.1

3.4.1

3.5.2

3.5.4

3.5.4.1

3.5.4.2

3.5.5

3.5.90

3.5.91

3.5.92

3.5.92.1

3.6.0

3.7.2

3.7.3

3.7.3.1

3.7.5

3.7.90

3.7.91

3.8.0

3.8.1

3.8.1.1

3.8.3

3.9.5

3.9.90

3.9.92

Other

GDM2_2_13_0_0

GDM2_2_13_0_1

GDM2_2_13_0_10

GDM2_2_13_0_2

GDM2_2_13_0_3

GDM2_2_13_0_4

GDM2_2_13_0_5

GDM2_2_13_0_6

GDM2_2_13_0_7

GDM2_2_13_0_8

GDM2_2_13_0_9

GDM2_2_14_0

GDM2_2_14_1

GDM2_2_14_2

GDM2_2_14_3

GDM2_2_14_4

GDM2_2_15_0

GDM2_2_15_1

GDM2_2_15_10

GDM2_2_15_2

GDM2_2_15_3

GDM2_2_15_4

GDM2_2_15_5

GDM2_2_15_6

GDM2_2_15_7

GDM2_2_15_8

GDM2_2_15_9

GDM2_2_16_0

GDM2_2_17_0

GDM2_2_17_1

GDM2_2_17_2

GDM2_2_17_3

GDM2_2_17_4

GDM2_2_17_5

GDM2_2_17_6

GDM2_2_17_7

GDM2_2_17_8

GDM2_2_18_0

GDM2_2_2_1

GDM2_2_2_2_1

GDM2_2_4_0_11

GDM2_2_4_0_2

GDM2_2_4_0_3

GDM2_2_4_0_4

GDM2_2_4_0_5

GDM2_2_4_0_6

GDM2_2_4_0_7

GDM2_2_4_0_8

GDM2_2_4_0_9

GDM2_2_4_1_0

GDM2_2_4_1_1

GDM2_2_4_1_2

GDM2_2_4_1_3

GDM2_2_4_2_100

GDM2_2_4_2_101

GDM2_2_4_2_102

GDM2_2_4_2_95

GDM2_2_4_2_96

GDM2_2_4_2_97

GDM2_2_4_2_98

GDM2_2_4_2_99

GDM2_2_4_4_0

GDM2_2_4_4_1

GDM2_2_4_4_2

GDM2_2_4_4_3

GDM2_2_4_4_5

GDM2_2_5_90_0

GDM2_2_5_90_1

GDM2_2_5_90_2

GDM2_2_6_0_0

GDM2_2_6_0_1

GDM2_2_6_0_2

GDM2_2_6_0_3

GDM2_2_6_0_4

GDM2_2_6_0_5

GDM2_2_6_0_6

GDM2_2_6_0_7

GDM2_2_6_0_8

GDM2_2_8_0_0

GDM2_2_8_0_1

GDM2_4_4_4

GDM_2_0

GDM_2_21_1

GDM_2_21_2

GDM_2_21_4

GDM_2_21_5

GDM_2_21_6

GDM_2_21_7

GDM_2_21_8

GDM_2_21_9

GDM_2_22_0

GDM_2_23_2

GDM_2_23_90

GDM_2_23_92

GDM_2_24_0

GDM_2_25_1

GDM_2_25_2

GDM_2_25_92

GDM_2_26_0

GDM_2_26_1

GDM_2_27_90

GDM_2_28_0

GDM_2_28_1

GDM_2_28_92

GDM_2_29_0

GDM_2_29_1

GDM_2_29_4

GDM_2_29_5

GDM_2_29_6

GDM_2_29_92

GDM_2_2_3

GDM_2_2_3_2

GDM_2_2_4_2

GDM_2_2_4_3

GDM_2_2_5_1

GDM_2_2_ANCHOR

GDM_2_30_0

GDM_2_30_1

GDM_2_31_0

GDM_2_31_1

GDM_2_31_2

GDM_2_31_90

GDM_2_31_92

GDM_2_32_0

GDM_2_3_90_1

GDM_2_3_90_2

GDM_2_3_90_3

GDM_2_3_90_4

GDM_2_3_90_5

GDM_2_3_90_6

GDM_2_4_0_0

GDM_2_4_0_1

GDM_2_91_4

GDM_2_91_6

GDM_2_91_90

GDM_2_91_92

GDM_2_91_93

GDM_2_91_94

GNOME_PRINT_0_24

POST_SWITCH_TO_GOBJECT_BRANCH

STABLE

gdm2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14424.json"

Git / gitlab.gnome.org/gnome/gdm