vulnerability

FreeBSD: VID-479df73e-2838-11ef-9cab-4ccc6adda413 (CVE-2024-36041): plasma[56]-plasma-workspace -- Unauthorized users can access session manager

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Jun 11, 2024	Dec 10, 2025	Dec 10, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 11, 2024

Added

Dec 10, 2025

Modified

Dec 10, 2025

Description

David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.

Solutions

freebsd-upgrade-package-plasma5-plasma-workspacefreebsd-upgrade-package-plasma6-plasma-workspace

References

CVE-2024-36041
https://attackerkb.com/topics/CVE-2024-36041
CWE-613

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today