CVE-2018-14424

NameCVE-2018-14424
DescriptionThe daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1494-1, DSA-4270-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gdm3 (PTS)jessie3.14.1-7vulnerable
jessie (security)3.14.1-7+deb8u1fixed
stretch3.22.3-3+deb9u1vulnerable
stretch (security)3.22.3-3+deb9u2fixed
buster, sid3.30.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gdm3source(unstable)3.28.2-4
gdm3sourcejessie3.14.1-7+deb8u1DLA-1494-1
gdm3sourcestretch3.22.3-3+deb9u2DSA-4270-1

Notes

https://gitlab.gnome.org/GNOME/gdm/issues/401
https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1

Search for package or bug name: Reporting problems