Improper Locking

CVE-2021-20315

Medium

6.1/10

Summary

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-667 - Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

Advisory Timeline

Published Feb 18, 2022

Improper Locking

CVE-2021-20315

Summary

CWE-667 - Improper Locking

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS