CVE-2023-43090

NameCVE-2023-43090
DescriptionA vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5501-1
Debian Bugs1052067

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-shell (PTS)bullseye (security), bullseye3.38.6-1~deb11u2fixed
bookworm, bookworm (security)43.9-0+deb12u2fixed
sid, trixie47.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-shellsourcebuster(not affected)
gnome-shellsourcebullseye(not affected)
gnome-shellsourcebookworm43.6-1~deb12u2DSA-5501-1
gnome-shellsource(unstable)44.5-11052067

Notes

[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
[buster] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
Introduced around: https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c

Search for package or bug name: Reporting problems