CVE-2024-36041
First published: Fri Jul 05 2024(Updated: )
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE Plasma Workspace | <5.27.11.1 | |
| KDE Plasma Workspace | >=6.0.0.0<6.0.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-36041?
CVE-2024-36041 has a medium severity rating as it allows local users to access the session manager.
How do I fix CVE-2024-36041?
To fix CVE-2024-36041, upgrade to KDE Plasma Workspace version 5.27.11.1 or 6.0.5.1 or later.
Who is affected by CVE-2024-36041?
Users of KDE Plasma Workspace versions prior to 5.27.11.1 and 6.x before 6.0.5.1 are affected by CVE-2024-36041.
What impact does CVE-2024-36041 have on security?
CVE-2024-36041 potentially allows unauthorized local access to the session manager, compromising user sessions.
Is CVE-2024-36041 a remote or local vulnerability?
CVE-2024-36041 is a local vulnerability that affects users on the same machine.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kde
- canonical/kde plasma workspace
- version/kde plasma workspace/6.0.0.0