CVE-2024-36041 Affecting plasma-workspace package, versions <4:5.20.5-6+deb11u1
- Snyk ID SNYK-DEBIAN11-PLASMAWORKSPACE-7174873
- published 2 Jun 2024
- disclosed 5 Jul 2024
Introduced: 2 Jun 2024
CVE-2024-36041
How to fix?
Upgrade Debian:11 plasma-workspace to version 4:5.20.5-6+deb11u1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream plasma-workspace package and not the plasma-workspace package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.