Bug 933342 (CVE-2024-36041) - <kde-plasma/plasma-workspace-, <kde-plasma/plasma-workspace-6.0.90-r1:6: ksmserver: Unauthorized users can access session manager
Summary: <kde-plasma/plasma-workspace-, <kde-plasma/plasma-workspace-6.0.90...
Alias: CVE-2024-36041
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [glsa+]
Depends on: 933647
Reported: 2024-06-01 07:15 UTC by Andreas Sturmlechner
Modified: 2024-07-06 06:45 UTC
Description Andreas Sturmlechner gentoo-dev 2024-06-01 07:15:04 UTC
KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
based purely on the host, allowing all local connections. This allows
another user on the same machine to gain access to the session

A well-crafted client could use the session restore feature to execute
arbitrary code as the user on the next boot.
Comment 1 Larry the Git Cow gentoo-dev 2024-06-07 16:18:01 UTC
The bug has been referenced in the following commit(s):

commit f102a34bb6339a5ee03f9a4a7b381dc6c0abf300
Author:     Andreas Sturmlechner <>
AuthorDate: 2024-06-07 16:08:45 +0000
Commit:     Andreas Sturmlechner <>
CommitDate: 2024-06-07 16:16:43 +0000

    kde-plasma/plasma-workspace: drop 5.27.11,
    Signed-off-by: Andreas Sturmlechner <>

 kde-plasma/plasma-workspace/Manifest               |   1 -
 .../plasma-workspace-              | 233 ---------------------
 .../plasma-workspace-5.27.11.ebuild                | 233 ---------------------
 3 files changed, 467 deletions(-)
Comment 2 Andreas Sturmlechner gentoo-dev 2024-06-07 16:25:38 UTC
Cleanup done, thanks everyone.
Comment 3 Larry the Git Cow gentoo-dev 2024-07-06 06:45:15 UTC
The bug has been referenced in the following commit(s):

commit ff64c164b3070caa6ec2bf19cbea6d9083251e93
Author:     GLSAMaker <>
AuthorDate: 2024-07-06 06:45:04 +0000
Commit:     Hans de Graaff <>
CommitDate: 2024-07-06 06:45:13 +0000

    [ GLSA 202407-20 ] KDE Plasma Workspaces: Privilege Escalation
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202407-20.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)