A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start new ones as the locked user, even if the session is still locked.
The flaw only affects some specific versions of CentOS Stream 8. This issue did not affect the versions of gnome-shell as shipped with Red Hat Enterprise Linux 7 and 8, as they did not include the vulnerable code.
To mitigate the flaw, disable enabled GNOME extensions, such as "Application menu" or "Window list".
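A check for the mitigation above, added here as an example and not part of the original advisory: it reads the current user's `org.gnome.shell enabled-extensions` setting, reports whether either named extension is listed, and with `--apply` rewrites the setting without them. The extension UUIDs are assumed to be the upstream gnome-shell-extensions ones, since the advisory gives only the display names.

```shell
#!/bin/sh
# Added example. UUIDs below are assumed to be the upstream
# gnome-shell-extensions ones for "Application menu" and "Window list".
RISKY_UUIDS="apps-menu@gnome-shell-extensions.gcampax.github.com
window-list@gnome-shell-extensions.gcampax.github.com"

# Split a GVariant string array, as printed by `gsettings get`
# (e.g. "['a@x', 'b@y']" or "@as []"), into one UUID per line.
list_uuids() {
    printf '%s\n' "$1" | sed -e 's/^@as *//' -e "s/[][' ]//g" |
        tr ',' '\n' | sed '/^$/d'
}

# Print the advisory's extensions that are present in the given array.
risky_enabled() {
    list_uuids "$1" | grep -Fx -e "$RISKY_UUIDS" || true
}

# Print the given array again, in GVariant syntax, without those extensions.
safe_list() {
    kept=$(list_uuids "$1" | grep -Fxv -e "$RISKY_UUIDS" || true)
    if [ -z "$kept" ]; then
        printf '%s\n' "@as []"
    else
        printf '%s\n' "$kept" | sed "s/.*/'&'/" | paste -sd, - |
            sed -e 's/,/, /g' -e 's/^/[/' -e 's/$/]/'
    fi
}

# --check reports, --apply also rewrites the key for the current user.
# Extensions switched on by the GNOME Classic session mode are not stored
# in this key, so a clean result here does not cover a Classic session.
case "${1:-}" in
--check | --apply)
    current=$(gsettings get org.gnome.shell enabled-extensions)
    found=$(risky_enabled "$current")
    if [ -z "$found" ]; then
        echo "OK: neither extension is in enabled-extensions"
    else
        printf 'ENABLED: %s\n' $found
        if [ "$1" = "--apply" ]; then
            gsettings set org.gnome.shell enabled-extensions "$(safe_list "$current")"
            echo "Removed from enabled-extensions."
        fi
    fi
    ;;
esac
```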