CNNVD-202601-2453 Information

CNNVD ID

CNNVD-202601-2453

Related CVE

CVE-2025-67859

• CNNVD Published: 2026-01-14

Description (Chinese)

TLP是linrunner个人开发者的一个电源管理软件。 TLP 1.9版本至1.9.1之前版本存在授权问题漏洞，该漏洞源于身份验证不当，可能导致本地用户任意控制电源配置文件和守护进程日志设置。

Description (English)

TLP is a power management software for the Linrunner personal developer. Prior to TLP 1.9 to 1.9.1, there was a bug in the delegation of authority, which stemmed from inappropriate authentication, which could lead local users to control the power configuration and daemon log settings at will.

Hazard Level

Medium

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2026-01-14

Last Modified

2026-02-24

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67859 https://security.opensuse.org/2026/01/07/tlp-polkit-authentication-bypass.html

Patch

https://github.com/linrunner/TLP/releases