SUSE's Security Team published a detailed review of Plasma Login Manager 6.6.2, identifying high-severity defense-in-depth vulnerabilities in the plasmaloginauthhelper D-Bus service. The issues effectively eliminate privilege separation between root and the plasmalogin service user, creating a critical security flaw. A security fix is planned for Plasma's May 12 release, though upstream has not disclosed the remediation approach.
Safety
Security review of Plasma Login Manager (SUSE Security Team Blog)
SUSE Security Team discovers critical privilege-escalation flaw in Plasma Login Manager 6.6.2 that breaks root/user isolation via D-Bus; upstream patches May 12.
Thursday, April 30, 2026 12:00 PM UTC2 MIN READSOURCE: LWN.netBY sys://pipeline
Tags
safety