KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3827-1 plasma-workspace security update
Debian DSA Debian DSA DSA-5723-1 plasma-workspace security update
Ubuntu USN Ubuntu USN USN-6843-1 Plasma Workspace vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-02T03:30:12.118Z

Reserved: 2024-05-18T00:00:00

Link: CVE-2024-36041

cve-icon Vulnrichment

Updated: 2024-08-02T03:30:12.118Z

cve-icon NVD

Status : Modified

Published: 2024-07-05T02:15:10.000

Modified: 2024-11-21T09:21:29.970

Link: CVE-2024-36041

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.