• Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blo

    From LWN.net@1337:1/100 to All on Thu Nov 13 18:45:07 2025
    Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

    Date:
    Thu, 13 Nov 2025 18:43:07 +0000

    Description:
    The SUSE Security Team has published an in-depth article on its findings after reviewing a D-Bus service contained in LightDM Greeter by KDE (the lightdm-kde-greeter package) for addition to openSUSE Tumbleweed. The team found a privilege escalation from the lightdm service user to root, as well as other attack vectors in the service:

    In agreement with upstream, we assigned CVE-2025-62876 to track the lightdm service user to root privilege escalation aspect described in this report. The severity of the issue is low, since it only affects defense-in-depth (if the lightdm service user were compromised) and the problematic logic can only be reached and exploited if triggered interactively by a privileged user. The fixes are contained in the 6.0.4 release of the project.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1046376/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)