MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
lightdm
Search

Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

Thursday November 13, 2025. 07:43 PM , from LWN.net
The SUSE Security Team has published an in-depth
article on its findings after reviewing a D-Bus service contained
in LightDM
Greeter by KDE (the lightdm-kde-greeter package)
for addition to openSUSE Tumbleweed. The team found a privilege
escalation from the lightdm service user to root, as
well as other attack vectors in the service:

In agreement with upstream, we assigned CVE-2025-62876 to track the
lightdm service user to root privilege escalation aspect described in
this report. The severity of the issue is low, since it only affects
defense-in-depth (if the lightdm service user were compromised) and
the problematic logic can only be reached and exploited if triggered
interactively by a privileged user.

The fixes are contained in the 6.0.4
release of the project.
Read more at LWN.net
https://lwn.net/Articles/1046376/

Related News

lightdm Rust in Android: move fast and fix things (Google Security Blog) LWN.netNov 13
service Security updates for Thursday LWN.netNov 13
privilege Iceland Deems Possible Atlantic Current Collapse A Security Risk SlashdotNov 13
user Red Hat OpenShift 4.20 boosts AI workloads, security InfoWorldNov 13
team Security updates for Wednesday LWN.netNov 12
escalation UK's Cyber Security and Resilience Bill makes Parliamentary debut TheRegisterNov 12
suse The first Extended Security Update for Windows 10 is here BetaNewsNov 12
security ClickFix May Be the Biggest Security Threat Your Family Has Never Heard Of SlashdotNov 12
kde Security updates for Tuesday LWN.netNov 11
greeter OWASP Top 10: Broken access control still tops app security list TheRegisterNov 11
only How GlassWorm wormed its way back into developers’ code — and what it says about open source security InfoWorldNov 11
root New hardened images set to improve container security BetaNewsNov 10
contained Security updates for Monday LWN.netNov 10
blog Cisco creating new security model using 30 years of data describing cyber-dramas and saves TheRegisterNov 10
lightdm About KeePassXC's code quality control (KeePassXC blog) LWN.netNov 9
service FreeBSD now builds reproducibly and without root privilege OS NewsNov 9
privilege Bank of America Faces Lawsuit Over Alleged Unpaid Time for Windows Bootup, Logins, and Security Token Requests SlashdotNov 8
user Social Security Employees Grill Management During Tense Shutdown Meeting Wired: Tech.Nov 7
team The Best Gifts for Sleep, as Tested by Our Team Wired: Tech.Nov 7
escalation Security updates for Friday LWN.netNov 7
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Nov, Thu 13 - 23:28 CET