1492007 – gnome-shell: Use-after-free due to icon remapping

Bug 1492007 - gnome-shell: Use-after-free due to icon remapping

Summary: gnome-shell: Use-after-free due to icon remapping

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1492008 1500589
Blocks:	1492009
TreeView+	depends on / blocked

Reported:	2017-09-15 09:21 UTC by Andrej Nemec
Modified:	2019-09-29 14:22 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A use-after-free flaw was found in the way gnome-shell handled mapping and unmapping of tray icons. A malicious or misbehaving local application could potentially use this flaw to crash the gnome-shell process.
Clone Of:
Environment:
Last Closed:	2017-10-11 10:53:34 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2017-09-15 09:21:22 UTC

If a tray icon gets a mapped and unmapped and the mapped again in quick succession, we can end up with multiple handlers listening for window creation events. An attacker could use this to crash gnome-shell.

Comment 1 Andrej Nemec 2017-09-15 09:21:44 UTC

Created gnome-shell tracking bugs for this issue:

Affects: fedora-all [bug 1492008]

Comment 2 Andrej Nemec 2017-09-27 08:36:29 UTC

Upstream issue:

https://bugzilla.gnome.org/show_bug.cgi?id=787361

Upstream patch:

https://git.gnome.org/browse/gnome-shell/commit/?id=90c55e1

Comment 7 Fedora Update System 2017-11-01 16:38:28 UTC

gnome-shell-3.22.3-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.