CVE-2024-36041: n/a

Severity: High
Published: Fri Jul 05 2024 (07/05/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.

AI-Powered Analysis

Last updated: 11/11/2025, 18:30:35 UTC

Technical Analysis

CVE-2024-36041 is a vulnerability in KSmserver, the session manager component of KDE Plasma Workspace, identified in versions prior to 5.27.11.1 and 6.x before 6.0.5.1. The flaw arises because KSmserver accepts ICE (Inter-Client Exchange) protocol connections based solely on the host, effectively trusting all local connections without further authentication. This design allows any local user on the same machine to connect to the session manager. Exploiting this, an attacker can manipulate the session-restore feature by placing crafted files in the /tmp directory, which the session manager processes on the next user login or system boot. This leads to arbitrary code execution within the context of the victim user session. The vulnerability impacts confidentiality (unauthorized access to session data), integrity (execution of unauthorized code), and availability (potential session disruption). The CVSS v3.1 score is 7.3 (high), reflecting the local attack vector, low attack complexity, required privileges (local user), and user interaction (victim login). No public exploits have been reported yet, but the vulnerability poses a significant risk in multi-user Linux environments where KDE Plasma is deployed. The underlying CWE-613 indicates improper session expiration or invalidation, which in this case manifests as overly permissive connection acceptance and session restore handling.

Potential Impact

For European organizations, especially those using KDE Plasma in multi-user environments such as shared workstations, developer machines, or educational institutions, this vulnerability can lead to unauthorized local privilege escalation and session compromise. Attackers with local access can execute arbitrary code as another user, potentially accessing sensitive data, installing persistent malware, or disrupting user sessions. This is particularly critical in environments where users have different privilege levels or where sensitive operations occur on shared machines. The impact extends to confidentiality breaches, integrity violations through code execution, and availability issues due to session disruption. Organizations relying on KDE Plasma for desktop environments in government, research, or enterprise sectors may face increased risk, especially if patching is delayed or local user access controls are weak.

Mitigation Recommendations

1. Upgrade KDE Plasma Workspace to version 5.27.11.1 or later, or 6.0.5.1 or later, where this vulnerability is patched.
2. Restrict local user access on multi-user systems to trusted personnel only, minimizing the risk of malicious local actors.
3. Implement strict permissions and monitoring on the /tmp directory to detect and prevent unauthorized file manipulations related to session restore.
4. Use Linux security modules (e.g., SELinux, AppArmor) to enforce access controls on session manager processes and temporary directories.
5. Educate users about the risks of local privilege escalation and encourage reporting of suspicious activity.
6. Consider isolating critical user sessions or using containerization to limit the impact of local exploits.
7. Regularly audit and monitor system logs for unusual ICE connection attempts or session manager anomalies.
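For the first recommendation, a host inventory check can compare an installed plasma-workspace version against the fixed releases named in the description. This is an added example, not code from the advisory or from KDE; the function names and the sample version strings are constructed, and it assumes the version string comes from your package manager or from `plasmashell --version`.

```python
import re

# Fixed releases as stated in the CVE description on this page.
FIXED_5 = (5, 27, 11, 1)
FIXED_6 = (6, 0, 5, 1)


def parse_upstream(version: str) -> tuple:
    """Return the upstream version as a 4-tuple of ints.

    Accepts tool output ('plasmashell 5.27.10') or a package version
    with epoch and revision ('4:5.27.5-2+deb12u2').
    """
    token = version.strip().split()[-1]      # drop a leading program name
    token = token.split(":")[-1]             # drop a packaging epoch
    token = token.split("-")[0]              # drop a packaging revision
    match = re.match(r"\d+(?:\.\d+)*", token)
    if not match:
        raise ValueError(f"no version number in {version!r}")
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * (4 - len(parts))   # pad so 5.27.11 < 5.27.11.1


def is_affected(version: str) -> bool:
    """True if the upstream version falls in the ranges the CVE names."""
    v = parse_upstream(version)
    if v[0] == 6:
        return v < FIXED_6                   # 6.x before 6.0.5.1
    return v < FIXED_5                       # everything before 5.27.11.1


if __name__ == "__main__":
    # Constructed sample inventory, not real host data.
    samples = ["plasmashell 5.27.10", "5.27.11.1", "6.0.5",
               "6.0.5.1", "4:5.27.5-2+deb12u2"]
    for s in samples:
        print(f"{s:24} {'AFFECTED' if is_affected(s) else 'fixed'}")
```

The check looks only at the upstream version number; a distribution may backport the fix under an older version, so confirm flagged hosts against the distribution's own advisory.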


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2024-05-18T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690a3b50ff58c9332ff073e4

Added to database: 11/4/2025, 5:43:44 PM

Last enriched: 11/11/2025, 6:30:35 PM

Last updated: 12/20/2025, 5:17:12 PM
