Description
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/kings-way/deepinhack/blob/master/dde_daemon_poc.py
Scores
CVSS v3
8.8
EPSS
0.0061
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (4)
deepin/deepin_desktop_environment
15.0
deepin/deepin_desktop_environment
15.1
deepin/deepin_desktop_environment
15.2
deepin/deepin_desktop_environment
15.3
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026