It was discovered [1] that the PrtSc key is not disabled when the screen is locked. Taking a bunch of screenshots at once bloats gnome-shell to the point where it's pretty easy to get it targeted by the kernel's oom-killer. This means that anyone with access to the keyboard of a locked GNOME session can (briefly) disable the lockscreen, which lets them see and interact with the running GNOME session. This might be fixed in gnome-shell 3.14.1; some patches are available in the original bug report [1].

[1]: https://bugzilla.gnome.org/show_bug.cgi?id=737456
Created gnome-shell tracking bugs for this issue:

Affects: fedora-all [bug 1149039]
CVE-2014-7300 was assigned for: "PrtSc is an unauthenticated request that's available to untrusted parties. A series of requests can consume a large amount of memory. The combination of this PrtSc behavior and the existence of the oom-killer allows authentication bypass for command execution. Therefore, the product must limit the aggregate memory consumption of all active requests, and the lack of this limit is a vulnerability."

http://seclists.org/oss-sec/2014/q4/91
gnome-shell-3.10.4-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:0535 https://rhn.redhat.com/errata/RHSA-2015-0535.html
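For responders checking whether a host hit the condition described in this report, the following added example (not part of the bug report or of gnome-shell) scans kernel log lines for an oom-killer kill of gnome-shell. It assumes the kernel's "Killed process PID (comm) ... anon-rss:NkB" message format; the function name and the sample log lines are constructed for illustration.

```python
import re

# Kernel OOM-killer kill message. The text before "Killed process" differs
# between kernel versions, so only the stable part is matched; the anon-rss
# field is optional in case a log line was truncated.
OOM_KILL = re.compile(
    r"Killed process (?P<pid>\d+) \((?P<comm>[^)]+)\)"
    r"(?:.*?anon-rss:(?P<anon_kb>\d+)kB)?"
)


def find_oom_kills(lines, comm="gnome-shell"):
    """Return (pid, anon_rss_kb or None, line) for each OOM kill of `comm`."""
    hits = []
    for line in lines:
        m = OOM_KILL.search(line)
        if m and m.group("comm") == comm:
            anon = m.group("anon_kb")
            hits.append((int(m.group("pid")), int(anon) if anon else None, line))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "Oct  2 21:14:03 host kernel: Out of memory: Kill process 1873 "
    "(gnome-shell) score 912 or sacrifice child",
    "Oct  2 21:14:03 host kernel: Killed process 1873 (gnome-shell) "
    "total-vm:9034512kB, anon-rss:7340032kB, file-rss:1204kB",
    "Oct  3 09:02:41 host kernel: Killed process 4410 (firefox) "
    "total-vm:3145728kB, anon-rss:2097152kB, file-rss:880kB",
]

if __name__ == "__main__":
    for pid, anon_kb, line in find_oom_kills(SAMPLE_LOG):
        size = f"{anon_kb // 1024} MiB anon-rss" if anon_kb is not None else "size unknown"
        print(f"gnome-shell (pid {pid}) was OOM-killed, {size}: {line}")
```

On a live system the input would be the kernel log, for example the output of `journalctl -k`; a hit is worth correlating with whether the session was locked at that time.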