What the vulnerability does

01Description

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.

Key dates

02Disclosure timeline

February 18, 2022 CVE published
August 3, 2024 Record updated