High severity7.8NVD Advisory· Published Aug 14, 2018· Updated Jun 17, 2026
CVE-2018-14424
CVE-2018-14424
Description
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <=3.29.1
- osv-coords6 versionspkg:rpm/opensuse/gdm&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gdm&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/gdm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/gdm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/gdm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/gdm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 3.38.2-2.7+ 5 more
- (no CPE)range: < 3.38.2-2.7
- (no CPE)range: < 3.10.0.1-54.6.3
- (no CPE)range: < 3.26.2.1-13.9.1
- (no CPE)range: < 3.10.0.1-54.6.3
- (no CPE)range: < 3.10.0.1-54.6.3
- (no CPE)range: < 3.10.0.1-54.6.3
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/105179nvdThird Party AdvisoryVDB Entry
- gitlab.gnome.org/GNOME/gdm/issues/401nvdThird Party Advisory
- usn.ubuntu.com/3737-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4270nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00003.htmlnvdMailing List
News mentions
0No linked articles in our index yet.