Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

by jzb from LWN.net on (#71ERN)

The SUSE Security Team has published an in-depth article on its findings after reviewing a D-Bus service contained in LightDM Greeter by KDE (the lightdm-kde-greeter package) for addition to openSUSE Tumbleweed. The team found a privilege escalation from the lightdm service user to root, as well as other attack vectors in the service:

In agreement with upstream, we assigned CVE-2025-62876 to track the lightdm service user to root privilege escalation aspect described in this report. The severity of the issue is low, since it only affects defense-in-depth (if the lightdm service user were compromised) and the problematic logic can only be reached and exploited if triggered interactively by a privileged user.

The fixes are contained in the 6.0.4 release of the project.
