Found by Ubuntu Security Team member Chris Coulson during audit of gdm3 source code
Local user can exploit via DBus to crash GDM via use-after-free (create a transient display which is automatically cleaned up, then try to query info for the previously created display)