CVE-2018-14424

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
14/08/2018
Last modified:
18/10/2018

Description

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:* 3.29.1 (including)