CVE-2020-27837

MEDIUM

gnome_display_manager < 3.38.2.1 - Unauthenticated Lock Screen Bypass via Race Condition

Title source: llm
STIX 2.1

Description

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

References (1)

Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1906812

Scores

CVSS v3 6.4
EPSS 0.0004
EPSS Percentile 12.6%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (1)
gnome/gnome_display_manager < 3.38.2.1
Published Dec 28, 2020
Tracked Since Feb 18, 2026