CVE-2024-5290
CVSS V2 None
CVSS V3 None
Description
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Overview
- CVE ID
- CVE-2024-5290
- Assigner
- canonical
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-07T08:14:08.153Z
- Last Modified Date
- 2024-08-07T14:40:06.238Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 | |
| https://ubuntu.com/security/notices/USN-6945-1 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5290 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5290 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-08 13:09:19 | Added to TrackCVE |