Description

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

INFO

Published Date :

2024-08-07T08:14:08.153Z

Last Modified :

2024-09-18T15:39:53.818Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5290 vulnerability.

Vendors Products
Canonical
  • Ubuntu Linux
W1.fi
  • Wpa Supplicant
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5290.

URL Resource
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-5290 cve-icon
https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/ cve-icon cve-icon
https://ubuntu.com/security/notices/USN-6945-1 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-5290 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact