The kpmcore_externalcommand helper contains a logic flaw in which the service invoking dbus is not properly checked. An attacker on your local machine can replace /etc/fstab and execute mount and other partitioning-related commands while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
Created kpmcore tracking bugs for this issue: Affects: epel-8 [bug 1890207]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
References: https://kde.org/info/security/advisory-20201017-1.txt