CVE-2024-5290
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical Ltd. | wpa_supplicant | 2:2.10-15 < 2:2.10-21ubuntu0.1 | affected |
| Canonical Ltd. | wpa_supplicant | 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1 | affected |
| Canonical Ltd. | wpa_supplicant | 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4 | affected |
| Canonical Ltd. | wpa_supplicant | 2.4-0ubuntu10 < 2:2.6-15ubuntu2.8+esm1 | affected |
| Canonical Ltd. | wpa_supplicant | 2.4-0ubuntu3 < 2.4-0ubuntu6.8+esm1 | affected |
| Canonical Ltd. | wpa_supplicant | 2.1-0ubuntu1 < 2.1-0ubuntu1.7+esm5 | affected |
Weaknesses
- CWE-427: CWE-427 Uncontrolled Search Path Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
- https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/
- https://ubuntu.com/security/notices/USN-6945-1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.