CVE-2018-14424
Description
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.043
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GNOME Display Manager (USN-3737-1) gdm3_3.28.2-0ubuntu1.4_i386.deb | Linux |
| GNOME Display Manager (USN-3737-1) gdm3_3.28.2-0ubuntu1.4_amd64.deb | Linux |
| gdm3 security update (DSA-4270-1) gdm3_3.22.3-3+deb9u2_i386.deb | Linux |
| gdm3 security update (DSA-4270-1) gdm3_3.22.3-3+deb9u2_amd64.deb | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) gdm-3.10.0.1-54.6.3.x86_64.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) gdm-debuginfo-3.10.0.1-54.6.3.x86_64.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) gdm-debugsource-3.10.0.1-54.6.3.x86_64.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) gdm-lang-3.10.0.1-54.6.3.noarch.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) gdmflexiserver-3.10.0.1-54.6.3.noarch.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) libgdm1-3.10.0.1-54.6.3.x86_64.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) libgdm1-debuginfo-3.10.0.1-54.6.3.x86_64.rpm | Linux |
| SUSE-SU-2018:2527-1 (SUSE Linux Enterprise Desktop 12-SP3) typelib-1_0-Gdm-1_0-3.10.0.1-54.6.3.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234