CVE-2024-5290

2024-08-0600:00:00

ubuntu.com

wpa_supplicant

privilege escalation

shared objects

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

Percentile

5.1%

JSON

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading
of arbitrary shared objects, which allows a local unprivileged attacker to
escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of
wpa_supplicant allow an unprivileged user to specify an arbitrary path to a
module to be loaded by the wpa_supplicant process; other escalation paths
might exist.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchwpa< 2:2.6-15ubuntu2.8+esm1UNKNOWN
ubuntu20.04noarchwpa< 2:2.9-1ubuntu4.4UNKNOWN
ubuntu22.04noarchwpa< 2:2.10-6ubuntu2.1UNKNOWN
ubuntu24.04noarchwpa< 2:2.10-21ubuntu0.1UNKNOWN
ubuntu14.04noarchwpa< 2.1-0ubuntu1.7+esm5UNKNOWN
ubuntu16.04noarchwpa< 2.4-0ubuntu6.8+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	wpa	< 2:2.6-15ubuntu2.8+esm1	UNKNOWN
ubuntu	20.04	noarch	wpa	< 2:2.9-1ubuntu4.4	UNKNOWN
ubuntu	22.04	noarch	wpa	< 2:2.10-6ubuntu2.1	UNKNOWN
ubuntu	24.04	noarch	wpa	< 2:2.10-21ubuntu0.1	UNKNOWN
ubuntu	14.04	noarch	wpa	< 2.1-0ubuntu1.7+esm5	UNKNOWN
ubuntu	16.04	noarch	wpa	< 2.4-0ubuntu6.8+esm1	UNKNOWN