Deepin · Dde-Daemon · CVE-2017-7622
**Name of the Vulnerable Software and Affected Versions**
dde-daemon versions 15.0 through 15.3
**Description**
The dde-daemon process in the Deepin Desktop Environment runs with root privileges and does not sufficiently identify the caller when its functions are invoked through D-Bus. As a result, anyone can modify the GRUB configuration by calling the `DoWriteGrubSettings()` function, potentially creating a backdoor or escalating privileges.
**Recommendations**
For versions 15.0 through 15.3, consider restricting access to the `DoWriteGrubSettings()` function provided by dde-daemon to prevent unauthorized modifications to the GRUB configuration. As a temporary workaround, restrict the use of dde-daemon's D-Bus interface to minimize the risk of exploitation.
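
One way to check whether a system-bus policy file leaves the method reachable by any local user, as an added example (not code from the advisory or from dde-daemon). The bus name `org.example.PrivilegedDaemon` is a placeholder because the advisory does not give the real one, and the evaluator is simplified: it reads only `context="default"` policies and exact-match `send_*` attributes.

```python
import xml.etree.ElementTree as ET

DEST = "org.example.PrivilegedDaemon"  # placeholder bus name (assumption)
MEMBER = "DoWriteGrubSettings"         # method named in the advisory

def make_policy(default_rules):
    """Build a constructed system-bus policy file around the given rules."""
    return (f'<busconfig><policy user="root"><allow own="{DEST}"/></policy>'
            f'<policy context="default">{default_rules}</policy></busconfig>')

# Weak: every local user may send any method call to the root-owned service.
WEAK = make_policy(f'<allow send_destination="{DEST}"/>')
# Restricted: the same allow, followed by a deny for the sensitive member.
RESTRICTED = make_policy(
    f'<allow send_destination="{DEST}"/>'
    f'<deny send_destination="{DEST}" send_member="{MEMBER}"/>')

def rule_matches(rule, msg):
    """A rule matches when every send_* attribute it carries equals the message's."""
    wanted = {k: v for k, v in rule.attrib.items() if k.startswith("send_")}
    return bool(wanted) and all(msg.get(k) == v for k, v in wanted.items())

def any_user_can_call(policy_xml, destination, member, interface=None):
    """Return True if the default-context rules let any user send this call.

    Rules are applied in document order and the last matching rule wins,
    which is how dbus-daemon resolves allow/deny conflicts within a context.
    """
    msg = {"send_destination": destination, "send_member": member,
           "send_type": "method_call"}
    if interface is not None:
        msg["send_interface"] = interface
    allowed = False  # the stock system bus denies method calls by default
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("context") != "default":
            continue  # user=/group= policies do not apply to "anyone"
        for rule in policy:
            if rule.tag in ("allow", "deny") and rule_matches(rule, msg):
                allowed = (rule.tag == "allow")
    return allowed

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("restricted", RESTRICTED)):
        print(f"{name}: any user can call {MEMBER} -> "
              f"{any_user_can_call(pol, DEST, MEMBER)}")
```

A bus-policy deny only narrows who can reach the method; calls that are still accepted depend on the daemon identifying the caller itself.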