[Bug 1225774] New: VUL-0: CVE-2024-36041: ksmserver: Unauthorized users can access session manager
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774 Bug ID: 1225774 Summary: VUL-0: CVE-2024-36041: ksmserver: Unauthorized users can access session manager Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: fabian@ritter-vogt.de Reporter: fabian@ritter-vogt.de QA Contact: qa-bugs@suse.de CC: security-team@suse.de Target Milestone: --- Found By: --- Blocker: --- CVE-2024-36041 https://kde.org/info/security/advisory-20240531-1.txt Needs two patches added to plasma5-workspace in 15.5 + 15.6 as well as plasma6-workspace in Tumbleweed. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
https://bugzilla.suse.com/show_bug.cgi?id=1225774#c1
Fabian Vogt
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
Fabian Vogt
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
https://bugzilla.suse.com/show_bug.cgi?id=1225774#c3
--- Comment #3 from OBSbugzilla Bot
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
https://bugzilla.suse.com/show_bug.cgi?id=1225774#c5
--- Comment #5 from Andreas Schwab
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
https://bugzilla.suse.com/show_bug.cgi?id=1225774#c6
--- Comment #6 from Fabian Vogt
This completely breaks session management. It is no longer possible to restore a session at login, neither the current session nor a manually saved one.
More details are needed there. I suspect it's because the $ICEAUTHORITY variable is not set properly or the authority file is inaccessible. Please file a new bug report though, this is only about the security issue. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1225774
https://bugzilla.suse.com/show_bug.cgi?id=1225774#c7
--- Comment #7 from OBSbugzilla Bot
participants (1)
-
bugzilla_noreply@suse.com