You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
linux d-bus authorization
About this tag
The linux d-bus authorization tag covers security vulnerabilities and configuration issues where D-Bus message bus permissions are misconfigured, allowing local unprivileged users to alter system services. A key example is CVE-2026-4948 in firewalld, where insufficient authorization on D-Bus setters lets a local user modify runtime firewall state. This is relevant for Windows administrators managing heterogeneous environments that include Linux, containers, Azure, or WSL, as such bugs can affect cross-platform security posture. Discussions focus on understanding D-Bus authorization models, auditing policy files, and applying vendor patches to prevent local privilege escalation or service manipulation. The tag does not cover Windows-specific D-Bus implementations or general Linux administration unrelated to authorization.
CVE-2026-4948 is a medium-severity firewalld vulnerability disclosed on March 27, 2026, in which a local unprivileged Linux user can alter runtime firewall state through mis-authorized D-Bus setters, with Microsoft listing the issue through its Security Update Guide for affected environments...