CVE-2020-16125
HIGHGnome Display Manager < 3.36.2 - Improper Condition Check
Title source: ruleDescription
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
Exploits (1)
nomisec
WRITEUP
1 stars
by za970120604 · poc
https://github.com/za970120604/CVE-2020-16125-Reproduction
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/gdm/-/issues/642
Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314
Exploit, Third Party Advisory x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon
Scores
CVSS v3
7.2
EPSS
0.2210
EPSS Percentile
95.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-754
Status
published
Products (1)
gnome/gnome_display_manager
< 3.36.2
Published
Nov 10, 2020
Tracked Since
Feb 18, 2026