Search for vulnerabilities
Vulnerability details: VCID-hhdv-uw7h-aaak
Vulnerability ID VCID-hhdv-uw7h-aaak
Aliases CVE-2014-7300
Summary GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
Status Published
Exploitability 0.5
Weighted Severity 6.5
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-399 Resource Management Errors
CWE-285 Improper Authorization
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-305 Authentication Bypass by Primary Weakness
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7300.html
rhas Low https://access.redhat.com/errata/RHSA-2015:0535
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2014-7300
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1147917
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7300
cvssv2 4.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2014-7300
Reference id Reference type URL
http://openwall.com/lists/oss-security/2014/09/29/17
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7300.html
http://rhn.redhat.com/errata/RHSA-2015-0535.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7300.json
https://api.first.org/data/v1/epss?cve=CVE-2014-7300
https://bugzilla.gnome.org/show_bug.cgi?id=737456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7300
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013
https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378
1147917 https://bugzilla.redhat.com/show_bug.cgi?id=1147917
cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2014-7300 https://nvd.nist.gov/vuln/detail/CVE-2014-7300
RHSA-2015:0535 https://access.redhat.com/errata/RHSA-2015:0535
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7300
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10498
EPSS Score 0.00044
Published At April 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.