PT-2024-10421 · KDE · KDE Plasma Workspace
Fabian Vogt · Published 2024-04-14 · Updated 2024-08-18 · CVE-2024-36041
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
KDE Plasma Workspace versions prior to 5.27.11.1
KDE Plasma Workspace 6.x versions prior to 6.0.5.1
Description
The issue allows connections via ICE to be accepted based purely on the host, i.e., all local connections are accepted. This lets another user on the same machine gain access to the session manager. A well-crafted client could use the session restore feature to execute arbitrary code as the victim on the next boot via earlier use of the /tmp directory.
Recommendations
For KDE Plasma Workspace versions prior to 5.27.11.1, update to version 5.27.11.1 or later.
For KDE Plasma Workspace 6.x versions prior to 6.0.5.1, update to version 6.0.5.1 or later.
As a temporary workaround, consider restricting access to the session manager to minimize the risk of exploitation.
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
Astra Linux
KDE Plasma Workspace
Linux Mint
Ubuntu