Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876)
(security.opensuse.org)
from cm0002@suppo.fi to cybersecurity@infosec.pub on 13 Nov 23:11
https://suppo.fi/post/9014693
lightdm-kde-greeter is a KDE-themed greeter application for the lightdm display manager. At the beginning of September one of our community packagers asked us to review a D-Bus service contained in lightdm-kde-greeter for addition to openSUSE Tumbleweed.
In the course of the review we found a potential privilege escalation from the lightdm service user to root which is facilitated by this D-Bus service, among some other shortcomings in its implementation.