The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "gdm3" }, { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "gdm3-dbgsym" }, { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "gir1.2-gdm-1.0" }, { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "libgdm-dev" }, { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "libgdm1" }, { "binary_version": "3.28.2-0ubuntu1.4", "binary_name": "libgdm1-dbgsym" } ] }