Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-5290

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Published

2024-08-07T09:16:05.553

Last Modified

2024-09-17T13:09:13.683

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	w1.fi	wpa_supplicant	-	Yes
Operating System	canonical	ubuntu_linux	-	No

References

https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 Exploit, Issue Tracking ([email protected])
https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/ Exploit, Third Party Advisory ([email protected])
https://ubuntu.com/security/notices/USN-6945-1 Vendor Advisory ([email protected])