Main Vulnerability Database Vulnerabilities #VU14452

Use-after-free error in GNOME Display Manager - CVE-2018-14424

Published: August 14, 2018 / Updated: August 17, 2018

Vulnerability identifier: #VU14452

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14424

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
GNOME Display Manager

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to use-after-free error when unproper unexporting of display objects from its D-Bus interface when they are destroyed. A local attacker can use a specially crafted sequence of D-Bus method calls, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-14424

Install update from vendor's website.

Sources

https://gitlab.gnome.org/GNOME/gdm/issues/401

Use-after-free error in GNOME Display Manager - CVE-2018-14424

Detailed vulnerability description

How to mitigate CVE-2018-14424

Sources

Please verify you're human