VIR Vulnerability Intelligence Relay

CVE-2013-7221

medium
Published 2014-04-29 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
4.6

Description

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed3.10.1-1
debian debianbullseyefixed3.10.1-1
debian debianforkyfixed3.10.1-1
debian debiansidfixed3.10.1-1
debian debiantrixiefixed3.10.1-1

Application impact
VendorProductVersionsFixed
gnomegnome-shell{"endIncluding":"3.9.92"}
gnomegnome-shell3.0.0
gnomegnome-shell3.0.0.1
gnomegnome-shell3.0.0.2
gnomegnome-shell3.0.1
gnomegnome-shell3.0.2
gnomegnome-shell3.1.3
gnomegnome-shell3.1.4
gnomegnome-shell3.1.90
gnomegnome-shell3.1.90.1
gnomegnome-shell3.1.91
gnomegnome-shell3.1.91.1
gnomegnome-shell3.1.92
gnomegnome-shell3.2.0
gnomegnome-shell3.2.1
gnomegnome-shell3.2.2
gnomegnome-shell3.2.2.1
gnomegnome-shell3.3.2
gnomegnome-shell3.3.3
gnomegnome-shell3.3.5
gnomegnome-shell3.3.90
gnomegnome-shell3.3.91
gnomegnome-shell3.3.92
gnomegnome-shell3.4.0
gnomegnome-shell3.4.1
gnomegnome-shell3.4.2
gnomegnome-shell3.5.2
gnomegnome-shell3.5.3
gnomegnome-shell3.5.4
gnomegnome-shell3.5.90
gnomegnome-shell3.5.91
gnomegnome-shell3.5.92
gnomegnome-shell3.6.0
gnomegnome-shell3.6.1
gnomegnome-shell3.6.2
gnomegnome-shell3.6.3
gnomegnome-shell3.6.3.1
gnomegnome-shell3.7.1
gnomegnome-shell3.7.2
gnomegnome-shell3.7.2.1
gnomegnome-shell3.7.3
gnomegnome-shell3.7.3.1
gnomegnome-shell3.7.4
gnomegnome-shell3.7.4.1
gnomegnome-shell3.7.5
gnomegnome-shell3.7.91
gnomegnome-shell3.7.92
gnomegnome-shell3.8.0
gnomegnome-shell3.8.0.1
gnomegnome-shell3.8.1
gnomegnome-shell3.8.2
gnomegnome-shell3.8.3
gnomegnome-shell3.8.4
gnomegnome-shell3.9.1
gnomegnome-shell3.9.2
gnomegnome-shell3.9.3
gnomegnome-shell3.9.4
gnomegnome-shell3.9.5
gnomegnome-shell3.9.90
gnomegnome-shell3.9.91

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.