Oliver-Tobias Ripka

#50458 of 53,635
4.6 Total CVSS
Vulnerabilities · 1
PT-2011-1035
4.6
2011-10-05
Acpid · Acpid · CVE-2011-2777
**Name of the Vulnerable Software and Affected Versions**

acpid versions 2.0.16 and earlier

**Description**

The issue allows local users to gain privileges by exploiting incorrect usage of the pidof program in the powerbtn.sh script. This can be achieved by running a program with the name kded4 and setting a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. The vulnerability may lead to disruption of confidentiality, integrity, and availability of protected information. It can be exploited by a local attacker.

**Recommendations**

For acpid versions 2.0.16 and earlier, update to version 2.0.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the powerbtn.sh script to minimize the risk of exploitation. Avoid using the DBUS_SESSION_BUS_ADDRESS environment variable in a way that could contain commands until the issue is resolved.