Vulnerability Monitor


CVE-2024-36041


KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.


Published: 2024-07-05T02:15:10.000

Last Modified: 2024-11-21T09:21:29.970

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
  • Type: Secondary
    CWE-613

Affected Vendors & Products
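| Type        | Vendor | Product          | Version/Range | Vulnerable? |
|-------------|--------|------------------|---------------|-------------|
| Application | kde    | plasma-workspace | < 5.27.11.1   | Yes         |
| Application | kde    | plasma-workspace | < 6.0.5.1     | Yes         |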
