| Name | CVE-2024-36041 |
| Description | KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3827-1, DSA-5723-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| plasma-workspace (PTS) | stretch (security), stretch (lts), stretch | 4:5.8.6-2.1+deb9u1 | vulnerable |
| buster (security), buster, buster (lts) | 4:5.14.5.1-1+deb10u1 | fixed | |
| bullseye (security), bullseye | 4:5.20.5-6+deb11u1 | fixed | |
| bookworm (security), bookworm | 4:5.27.5-2+deb12u2 | fixed | |
| sid, trixie | 4:5.27.11.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| plasma-workspace | source | stretch | (unfixed) | end-of-life | ||
| plasma-workspace | source | buster | 4:5.14.5.1-1+deb10u1 | DLA-3827-1 | ||
| plasma-workspace | source | bullseye | 4:5.20.5-6+deb11u1 | DSA-5723-1 | ||
| plasma-workspace | source | bookworm | 4:5.27.5-2+deb12u2 | DSA-5723-1 | ||
| plasma-workspace | source | (unstable) | 4:5.27.11.1-1 |
https://kde.org/info/security/advisory-20240531-1.txt
Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/1d5aa1d27bff87b2d242ed759cfb2ce15a5c3de7
The second commit is not needed due to plasma-workspace depending on x11-xserver-utils.