CVE-2014-7300
EPSS 0.04%
Description
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
How to fix CVE-2014-7300
To remediate CVE-2014-7300, upgrade the affected package to a fixed version listed below.
- Debian/gnome-shell: upgrade to 3.14.1-1 or later
Is CVE-2014-7300 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/gnome-shell: from 0, < 3.14.1-1