KDE Linux images ≤ 202604210254 are vulnerable to CVE-2026-31431

All KDE Linux images from 202604210254 and older are vulnerable to local privilege escalation.

Any unprivileged local user can gain a root shell with ~10 lines of Python. The bug lives in the algif_aead kernel module and has existed in the Linux kernel since 2017, long before KDE Linux existed. More info: "Copy Fail: 732 Bytes to Root on Every Major Linux Distribution" (Xint).

Mitigations (do this)

Update to an image with kernel 6.19.12 or newer via Discover, or:

updatectl update

Then reboot.

Can’t update or reboot?

Block the vulnerable module manually (as root):

echo "install algif_aead /usr/bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true

This is a workaround only, so update as soon as you can.
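To verify that a machine is actually covered by one of the two mitigations above, here is a small POSIX sh checker. It is an added example, not code from the original post or from KDE Linux; it assumes, as the post states, that the fix ships in kernel 6.19.12 or newer and that the workaround is an "install algif_aead /usr/bin/false" line under /etc/modprobe.d. The function names and the sample inputs are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the CVE-2026-31431
# mitigations described above. Assumptions: fixed kernel is >= 6.19.12; the
# workaround is an "install algif_aead ..." override in /etc/modprobe.d.

FIX_MAJOR=6; FIX_MINOR=19; FIX_PATCH=12

# kernel_is_fixed VERSION: exit 0 when VERSION (a `uname -r` style string such
# as 6.19.12-arch1-1) is >= 6.19.12, exit 1 otherwise.
kernel_is_fixed() {
    # Drop the distro suffix (6.19.12-arch1-1 -> 6.19.12), then pad with ".0.0"
    # so short strings like "7.0" still yield three numeric fields.
    v="$(printf '%s' "$1" | cut -d- -f1).0.0"
    major=$(printf '%s' "$v" | cut -d. -f1 | sed 's/[^0-9].*//')
    minor=$(printf '%s' "$v" | cut -d. -f2 | sed 's/[^0-9].*//')
    patch=$(printf '%s' "$v" | cut -d. -f3 | sed 's/[^0-9].*//')
    [ "${major:-0}" -gt "$FIX_MAJOR" ] && return 0
    [ "${major:-0}" -lt "$FIX_MAJOR" ] && return 1
    [ "${minor:-0}" -gt "$FIX_MINOR" ] && return 0
    [ "${minor:-0}" -lt "$FIX_MINOR" ] && return 1
    [ "${patch:-0}" -ge "$FIX_PATCH" ]
}

# module_is_blocked DIR: exit 0 when some DIR/*.conf carries an "install"
# override for algif_aead pointing at /bin/false, /usr/bin/false or their
# "true" variants. A bare "blacklist algif_aead" line is deliberately NOT
# accepted: blacklist only disables the module's aliases, and the kernel
# requests this module by name, so it would still be autoloaded.
module_is_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' \
        "$1"/*.conf 2>/dev/null
}

# module_is_loaded FILE: exit 0 when FILE (normally /proc/modules) lists
# algif_aead, i.e. the rmmod step did not take effect (or was not run).
module_is_loaded() {
    grep -qs '^algif_aead[[:space:]]' "$1"
}

# check_host: informational report for the running system.
check_host() {
    running=$(uname -r)
    if kernel_is_fixed "$running"; then
        echo "kernel $running: fixed (>= $FIX_MAJOR.$FIX_MINOR.$FIX_PATCH)"
    else
        echo "kernel $running: VULNERABLE, update and reboot"
    fi
    if module_is_blocked /etc/modprobe.d; then
        echo "modprobe.d: algif_aead install override present"
    else
        echo "modprobe.d: no algif_aead install override"
    fi
    if [ -r /proc/modules ] && module_is_loaded /proc/modules; then
        echo "algif_aead is currently loaded (rmmod it or reboot)"
    else
        echo "algif_aead is not loaded"
    fi
}

check_host
```

Run it as a normal user after applying either mitigation; all three lines should come back green before you trust the box again. Note that a loaded module plus a correct override means the override will only take effect after the module is unloaded or the system rebooted.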
