Dolphin is likely remotely expllitable (tested twice on two different machines second running nothing yet connected to the internet)

4xx Client Error 406 Not Acceptable
1

After inability to create a new file / change a file name.

Only being connected the internet allows Dolphin to be exploited within minutes.

Was attempting to do basic file operations on a computer which broke; switched to another computer was able to change a file name; right after doing so was not able to again.

System:
Kernel: 6.15.11-hardened1-1-hardened arch: x86_64 bits: 64 compiler: gcc
v: 15.2.1 clocksource: tsc avail: hpet,acpi_pm parameters: pti=on
page_alloc.shuffle=1 BOOT_IMAGE=/@/boot/vmlinuz-linux-hardened
root=UUID=cd98a4d0-7cf9-4a94-9bff-acc82516e91c rw rootflags=subvol=@
quiet rd.luks.uuid=0aeb56a0-84c6-490a-8611-f6fda326abe6 loglevel=3
Desktop: KDE Plasma v: 6.4.5 tk: Qt v: N/A info: frameworks v: 6.18.0
wm: kwin_wayland vt: 1 dm: SDDM Distro: Garuda base: Arch Linux
Machine:
Type: Laptop System: LENOVO product: 83AX v: Lenovo Slim Pro 7 14ARP8
serial: <superuser required> Chassis: type: 10 v: Lenovo Slim Pro 7 14ARP8
serial: <superuser required>
Mobo: LENOVO model: LNVNB161216 v: SDK0K17763 WIN
serial: <superuser required> part-nu: LENOVO_MT_83AX_BU_idea_FM_Slim Pro 7
14ARP8 uuid: <superuser required> UEFI: LENOVO v: LNCN25WW
date: 04/29/2025
Battery:
ID-1: BAT0 charge: 54.6 Wh (82.3%) condition: 66.4/73 Wh (90.9%)
power: 32.9 W volts: 16.1 min: 15.52 model: Sunwoda L22D4PF4 type: Li-poly
serial: <filter> charging: status: discharging cycles: 87
CPU:
Info: model: AMD Ryzen 7 7735HS with Radeon Graphics bits: 64 type: MT MCP
arch: Zen 3+ gen: 3 level: v3 note: check built: 2022 process: TSMC n6 (7nm)
family: 0x19 (25) model-id: 0x44 (68) stepping: 1 microcode: 0xA40410A
Topology: cpus: 1x dies: 1 clusters: 1 cores: 8 threads: 16 tpc: 2
smt: enabled cache: L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 4 MiB
desc: 8x512 KiB L3: 16 MiB desc: 1x16 MiB
Speed (MHz): avg: 1741 min/max: 407/4831 boost: enabled scaling:
driver: amd-pstate-epp governor: powersave cores: 1: 1741 2: 1741 3: 1741
4: 1741 5: 1741 6: 1741 7: 1741 8: 1741 9: 1741 10: 1741 11: 1741 12: 1741
13: 1741 14: 1741 15: 1741 16: 1741 bogomips: 102211
Flags-basic: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a
ssse3 svm
Vulnerabilities: <filter>
Graphics:
Device-1: NVIDIA GA107BM / GN20-P0-R-K2 [GeForce RTX 3050 6GB Laptop GPU]
vendor: Lenovo driver: nouveau v: kernel non-free: 550-580.xx+
status: current (as of 2025-08; EOL~2026-12-xx) arch: Ampere code: GAxxx
process: TSMC n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 GT/s
lanes: 8 link-max: lanes: 16 bus-ID: 01:00.0 chip-ID: 10de:25ac
class-ID: 0302
Device-2: Advanced Micro Devices [AMD/ATI] Rembrandt [Radeon 680M]
vendor: Lenovo driver: amdgpu v: kernel arch: RDNA-2 code: Navi-2x
process: TSMC n7 (7nm) built: 2020-22 pcie: gen: 4 speed: 16 GT/s
lanes: 16 ports: active: eDP-1 empty: DP-1, DP-2, DP-3, DP-4, DP-5, DP-6,
HDMI-A-1, Writeback-1 bus-ID: 73:00.0 chip-ID: 1002:1681 class-ID: 0300
temp: 43.0 C
Device-3: Luxvisions Innotech Integrated RGB Camera driver: uvcvideo
type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 5-1:2
chip-ID: 30c9:00a8 class-ID: fe01 serial: <filter>
Device-4: USB C Video Adaptor driver: N/A type: USB rev: 2.0
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 9-1.2.3:4 chip-ID: 25a4:9411
class-ID: 1100 serial: <filter>
Display: wayland server: X.org v: 1.21.1.18 with: Xwayland v: 24.1.8
compositor: kwin_wayland driver: X: loaded: amdgpu,modesetting,nouveau
alternate: fbdev,nv,vesa dri: radeonsi gpu: amdgpu display-ID: 0
Monitor-1: eDP-1 model: AU Optronics 0x7aa7 built: 2022 res:
mode: 2560x1600 hz: 90 scale: 140% (1.4) to: 1829x1143 dpi: 208 gamma: 1.2
size: 312x195mm (12.28x7.68") diag: 368mm (14.5") ratio: 16:10 modes:
max: 2560x1600 min: 640x480
API: EGL v: 1.5 hw: drv: amd radeonsi platforms: device: 1 drv: radeonsi
device: 2 drv: swrast gbm: drv: kms_swrast surfaceless: drv: radeonsi
wayland: drv: radeonsi x11: drv: radeonsi inactive: device-0
API: OpenGL v: 4.6 compat-v: 4.5 vendor: amd mesa v: 25.2.3-arch1.2
glx-v: 1.4 direct-render: yes renderer: AMD Radeon 680M (radeonsi rembrandt
LLVM 20.1.8 DRM 3.63 6.15.11-hardened1-1-hardened) device-ID: 1002:1681
memory: 1.95 GiB unified: no display-ID: :1.0
API: Vulkan v: 1.4.321 layers: 9 device: 0 type: integrated-gpu name: AMD
Radeon 680M (RADV REMBRANDT) driver: mesa radv v: 25.2.3-arch1.2
device-ID: 1002:1681 surfaces: N/A device: 1 type: cpu name: llvmpipe
(LLVM 20.1.8 256 bits) driver: mesa llvmpipe v: 25.2.3-arch1.2 (LLVM
20.1.8) device-ID: 10005:0000 surfaces: N/A
Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
de: kscreen-console,kscreen-doctor wl: wayland-info
x11: xdpyinfo, xprop, xrandr
Audio:
Device-1: Advanced Micro Devices [AMD/ATI] Radeon High Definition Audio
[Rembrandt/Strix] vendor: Lenovo driver: snd_hda_intel v: kernel pcie:
gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 73:00.1 chip-ID: 1002:1640
class-ID: 0403
Device-2: Advanced Micro Devices [AMD] Audio Coprocessor vendor: Lenovo
driver: snd_pci_acp6x v: kernel alternate: snd_pci_acp3x, snd_rn_pci_acp3x,
snd_pci_acp5x, snd_acp_pci, snd_rpl_pci_acp6x, snd_pci_ps,
snd_sof_amd_renoir, snd_sof_amd_rembrandt, snd_sof_amd_vangogh,
snd_sof_amd_acp63, snd_sof_amd_acp70 pcie: gen: 4 speed: 16 GT/s lanes: 16
bus-ID: 73:00.5 chip-ID: 1022:15e2 class-ID: 0480
Device-3: Advanced Micro Devices [AMD] Family 17h/19h/1ah HD Audio
vendor: Lenovo driver: snd_hda_intel v: kernel pcie: gen: 4 speed: 16 GT/s
lanes: 16 bus-ID: 73:00.6 chip-ID: 1022:15e3 class-ID: 0403
API: ALSA v: k6.15.11-hardened1-1-hardened status: kernel-api tools: N/A
Server-1: PipeWire v: 1.4.8 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: MEDIATEK MT7922 802.11ax PCI Express Wireless Network Adapter
vendor: Lenovo driver: mt7921e v: kernel pcie: gen: 2 speed: 5 GT/s lanes: 1
bus-ID: 02:00.0 chip-ID: 14c3:0616 class-ID: 0280
IF: wlp2s0 state: down mac: <filter>
Device-2: ASIX AX88179 Gigabit Ethernet driver: cdc_ncm type: USB rev: 3.2
speed: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1 bus-ID: 10-1.2.1:4
chip-ID: 0b95:1790 class-ID: 0a00 serial: <filter>
IF: eth0 state: up speed: N/A duplex: half mac: <filter>
Info: services: NetworkManager, smbd, systemd-timesyncd
Bluetooth:
Device-1: Foxconn / Hon Hai Bluetooth 5.2 Adapter [MediaTek MT7922]
driver: btusb v: 0.8 type: USB rev: 2.1 speed: 480 Mb/s lanes: 1 mode: 2.0
bus-ID: 3-3:2 chip-ID: 0489:e0d8 class-ID: e001 serial: <filter>
Report: btmgmt ID: hci0 rfk-id: 3 state: down bt-service: enabled,running
rfk-block: hardware: no software: yes address: <filter> bt-v: 5.3 lmp-v: 12
status: discoverable: no pairing: no
Drives:
Local Storage: total: 1.82 TiB used: 37.1 GiB (2.0%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Samsung model: SSD 990 PRO 2TB
size: 1.82 TiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: 3B2QJXD7 temp: 35.9 C
scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Transcend model: N/A size: 1.87 GiB
block-size: physical: 512 B logical: 512 B type: USB rev: 3.0 spd: 5 Gb/s
lanes: 1 mode: 3.2 gen-1x1 tech: N/A serial: <filter> fw-rev: TS37
scheme: MBR
SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure?
Partition:
ID-1: / raw-size: 130.21 GiB size: 130.21 GiB (100.00%)
used: 37.03 GiB (28.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-0aeb56a0-84c6-490a-8611-f6fda326abe6
ID-2: /boot/efi raw-size: 100 MiB size: 96 MiB (96.00%)
used: 59.2 MiB (61.7%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 130.21 GiB size: 130.21 GiB (100.00%)
used: 37.03 GiB (28.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-0aeb56a0-84c6-490a-8611-f6fda326abe6
ID-4: /var/log raw-size: 130.21 GiB size: 130.21 GiB (100.00%)
used: 37.03 GiB (28.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-0aeb56a0-84c6-490a-8611-f6fda326abe6
ID-5: /var/tmp raw-size: 130.21 GiB size: 130.21 GiB (100.00%)
used: 37.03 GiB (28.4%) fs: btrfs dev: /dev/dm-0 maj-min: 254:0
mapped: luks-0aeb56a0-84c6-490a-8611-f6fda326abe6
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: zram size: 13.33 GiB used: 0 KiB (0.0%) priority: 100
comp: zstd avail: lzo-rle,lzo,lz4,lz4hc,deflate,842 dev: /dev/zram0
Sensors:
System Temperatures: cpu: N/A mobo: N/A gpu: amdgpu temp: 47.0 C
Fan Speeds (rpm): N/A
Info:
Memory: total: 16 GiB note: est. available: 13.33 GiB used: 2.87 GiB (21.5%)
Processes: 446 Power: uptime: 5m states: freeze,mem suspend: s2idle
wakeups: 0 services: org_kde_powerdevil, power-profiles-daemon, upowerd
Init: systemd v: 258 default: graphical tool: systemctl
Packages: pm: pacman pkgs: 1638 libs: 406 tools: octopi,paru Compilers:
clang: 20.1.8 gcc: 15.2.1 Shell: Bash v: 5.3.3 default: fish v: 4.0.8
running-in: konsole inxi: 3.3.39
Garuda (2.8.3-2):
System install date:     2025-07-19
Garuda release:          250308
Last full system update: 2025-09-21
Is partially upgraded:   No
Relevant software:       snapper NetworkManager dracut
Windows dual boot:       Probably (Run as root to verify)
Failed units:
--- System Health Check Report ---
23/24 checks run in 1.61 seconds ⌛
Powered by garuda-health 🦅

âś… System health check passed. No issues found.
2

Its hard to understand what you mean, you haven’t really explained yourself well.

Exploitable how? You need to give a step by step account for people to be able to reproduce your dilemma.
e.g

Step 1: Do this
Step 2 : Do this
Step 3: This happens

I hope you can better explain your self in order to get more help,
if however you feel we don’t understand you. The best place for you to file this issue would be at:

4 Likes
7

Heya @shelled (and forum members, this is publically disclosed due to the claim of a “security problem”).

Unfortunately, the other forum moderators and I have seen ourselves forced to once again apply a suspension to your account. The suspension is scheduled to last 3 months.

This is because you have a history of creating frivolous forum posts claiming security issues exist in places where they do not. For example, you have claimed that a corrupt pacman package in the pacman cache is cause for a system to be considered “fully compromised”, among other incidents. Additionally, you have been suspended from the Garuda Linux Forum before for similar posts, and it appears you have not taken the warning to heart.

The time of the forum volunteers as well as developers is valuable. Due to the repeat offense, I see myself forced to warn you, that any future incident warranting suspension will lead to a permanent suspension from the Garuda Linux Forums.

With hopeful regards,
TNE

11 Likes