CVE-2021-20315

MEDIUM

gnome-shell < 3.32.2 - Locking Protection Bypass via Application Menu or Window List Extensions

Title source: llm

Description

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

References (1)

Core References
https://bugzilla.redhat.com/show_bug.cgi?id=2006285 (Issue Tracking, Third Party Advisory)

Scores

CVSS v3: 6.1
EPSS: 0.0003
EPSS Percentile: 8.8%
Attack Vector: PHYSICAL
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE: CWE-667
Status: published
Products (2): centos/stream 8; gnome/gnome-shell < 3.32.2
Published: Feb 18, 2022
Tracked Since: Feb 18, 2026