CVE-2024-5290

Summary

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).

Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.wpa_supplicant2:2.10-15 < 2:2.10-21ubuntu0.1affected
Canonical Ltd.wpa_supplicant2:2.9.0-21build1 < 2:2.10-6ubuntu2.1affected
Canonical Ltd.wpa_supplicant2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4affected
Canonical Ltd.wpa_supplicant2.4-0ubuntu10 < 2:2.6-15ubuntu2.8+esm1affected
Canonical Ltd.wpa_supplicant2.4-0ubuntu3 < 2.4-0ubuntu6.8+esm1affected
Canonical Ltd.wpa_supplicant2.1-0ubuntu1 < 2.1-0ubuntu1.7+esm5affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References