CVE-2019-3825

low-risk

Published 2019-02-06

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

PHYSICAL / HIGH complexity

Affected Products (4)

Gnome Display Manager

Ubuntu Linux

Enterprise Linux

Affected Vendors

Redhat Gnome Canonical

References (4)

Exploit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825

Third Party Advisory https://usn.ubuntu.com/3892-1/

Exploit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825

Third Party Advisory https://usn.ubuntu.com/3892-1/

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 10/34 · Low