Subj : Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blo
To   : All
From : LWN.net
Date : Thu Nov 13 2025 18:45:07

Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

Date:
Thu, 13 Nov 2025 18:43:07 +0000

Description:
The SUSE Security Team has published an in-depth
article on its findings after reviewing a D-Bus service contained
in LightDM
Greeter by KDE (the lightdm-kde-greeter package)
for addition to openSUSE Tumbleweed. The team found a privilege
escalation from the lightdm service user to root , as
well as other attack vectors in the service: In agreement with upstream, we 
assigned CVE-2025-62876 to track the lightdm service user to root privilege 
escalation aspect described in
this report. The severity of the issue is low, since it only affects
defense-in-depth (if the lightdm service user were compromised) and
the problematic logic can only be reached and exploited if triggered
interactively by a privileged user. The fixes are contained in the 6.0.4
release of the project.

======================================================================
Link to news story:
https://lwn.net/Articles/1046376/


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.