CVE-2024-5290

EUVD-2024-46526

07.08.2024, 09:16

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).




Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Affected Products (NVD)

Vendor	Product	Version
w1.fi	wpa_supplicant	-

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
w1.fi	wpa_supplicant	2:2.10-15 ≤ 𝑥 < 2:2.10-21ubuntu0.1	ADP
w1.fi	wpa_supplicant	2:2.9.0-21build1 ≤ 𝑥 < 2:2.10-6ubuntu2.1	ADP
w1.fi	wpa_supplicant	2:2.9-1ubuntu2 ≤ 𝑥 < 2:2.9-1ubuntu4.4	ADP
w1.fi	wpa_supplicant	2.4-0ubuntu10 ≤ 𝑥 < 2:2.6-15ubuntu2.8+esm1	ADP
w1.fi	wpa_supplicant	2.4-0ubuntu3 ≤ 𝑥 < 2.4-0ubuntu6.8+esm1	ADP
w1.fi	wpa_supplicant	2.1-0ubuntu1 ≤ 𝑥 < 2.1-0ubuntu1.7+esm5	ADP

Debian Releases

Debian Product

Codename

wpa

bookworm	2:2.10-12+deb12u3 fixed
bookworm (security)	2:2.10-12+deb12u2 fixed
bullseye	2:2.9.0-21+deb11u2 fixed
bullseye (security)	2:2.9.0-21+deb11u3 fixed
forky	2:2.10-25 fixed
sid	2:2.10-25 fixed
trixie	2:2.10-24 fixed

Ubuntu Releases

Ubuntu Product

Codename

wpa

bionic	Fixed 2:2.6-15ubuntu2.8+esm1 released
focal	Fixed 2:2.9-1ubuntu4.4 released
jammy	Fixed 2:2.10-6ubuntu2.1 released
mantic	ignored
noble	Fixed 2:2.10-21ubuntu0.1 released
trusty	Fixed 2.1-0ubuntu1.7+esm5 released
xenial	Fixed 2.4-0ubuntu6.8+esm1 released

Known Exploits!

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613

https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/

https://ubuntu.com/security/notices/USN-6945-1