CVE-2019-3825

Published: 06 February 2019

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

Priority

Medium

CVSS 3 base score: 6.4

Status

Package Release Status
gdm3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (3.31.4+git20190225-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (3.31.4+git20190225-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (3.31.4+git20190225-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.28.3-0ubuntu18.04.4)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://gitlab.gnome.org/GNOME/gdm/commit/7726c81db92d2339fc468ed41c967f5412db66ed
Upstream: https://gitlab.gnome.org/GNOME/gdm/commit/d9d22a1c48a528873e3cc84a73fc868507b8dd4d
Upstream: https://gitlab.gnome.org/GNOME/gdm/commit/94d9fec87960e3ff5f7b75dadcde2807db148fbd
Upstream: https://gitlab.gnome.org/GNOME/gdm/commit/dd45295425c5a843c30aa8797b02d59ff488acb8