• Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

    From LWN.net@86:200/23 to All on Fri Nov 14 06:40:07 2025

    The SUSE Security Team has published an in-depth article on its
    findings after reviewing a D-Bus service contained in LightDM Greeter
    by KDE (the lightdm-kde-greeter package) for addition to openSUSE
    Tumbleweed. The team found a privilege escalation from the lightdm
    service user to root, as well as other attack vectors in the service:

    In agreement with upstream, we assigned CVE-2025-62876 to track the
    lightdm service user to root privilege escalation aspect described in
    this report. The severity of the issue is low, since it only affects
    defense-in-depth (if the lightdm service user were compromised) and
    the problematic logic can only be reached and exploited if triggered
    interactively by a privileged user.

    The fixes are contained in the 6.0.4 release of the project.

    https://lwn.net/Articles/1046376/
    --- SBBSecho 3.29-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)