It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. This issue was introduced with the following ticket & commit: https://bugzilla.gnome.org/show_bug.cgi?id=745039 https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471 Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
External References: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
Created gnome-shell tracking bugs for this issue: Affects: fedora-all [bug 1672815]
Acknowledgments: Name: Ray Strode (The GNOME Project) Upstream: Maxime Vellard
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1021 https://access.redhat.com/errata/RHSA-2020:1021
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3820