A vulnerability in GNOME Display Manager (GDM) could allow a local attacker to bypass security restrictions on a targeted system.
The vulnerability is due to improper security restrictions imposed by the affected software when timed login is enabled. A local attacker with physical access could exploit this vulnerability by selecting the timed login user and waiting for the timer to expire on the targeted system. A successful exploit could allow the attacker to bypass security restrictions and gain access to the logged-in user’s session on the targeted system.
GNOME has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium