CVE-2018-14424

Name: CVE-2018-14424
Description: The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-1494-1, DSA-4270-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| gdm3 (PTS) | jessie, jessie (lts) | 3.14.1-7+deb8u1 | fixed |
| | stretch (security), stretch (lts), stretch | 3.22.3-3+deb9u3 | fixed |
| | buster | 3.30.2-3 | fixed |
| | bullseye | 3.38.2.1-1 | fixed |
| | bookworm | 43.0-3 | fixed |
| | trixie | 45.0.1-3 | fixed |
| | sid | 46~rc-1 | fixed |

The information below is based on the following data on fixed versions.

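| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gdm3 | source | wheezy | (unfixed) | end-of-life | | |
| gdm3 | source | jessie | 3.14.1-7+deb8u1 | | DLA-1494-1 | |
| gdm3 | source | stretch | 3.22.3-3+deb9u2 | | DSA-4270-1 | |
| gdm3 | source | (unstable) | 3.28.2-4 | | | |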

Notes

https://gitlab.gnome.org/GNOME/gdm/issues/401
https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1
