CVE-2024-5290
published 2024-08-07

Priority: P345, high, 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.66% (46.8th percentile)

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the D-Bus interface of wpa_supplicant allows an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.9.0-21+deb11u2 | 2:2.9.0-21+deb11u2 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-12+deb12u2 | 2:2.10-12+deb12u2 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-22 | 2:2.10-22 |
| canonical_ltd | wpa_supplicant | >= 0 < 2:2.10-22 | 2:2.10-22 |
| canonical_ltd | wpa_supplicant | >= 2.1-0ubuntu1 < 2.1-0ubuntu1.7+esm5 | 2.1-0ubuntu1.7+esm5 |
| canonical_ltd | wpa_supplicant | >= 2.4-0ubuntu10 < 2:2.6-15ubuntu2.8+esm1 | 2:2.6-15ubuntu2.8+esm1 |
| canonical_ltd | wpa_supplicant | >= 2.4-0ubuntu3 < 2.4-0ubuntu6.8+esm1 | 2.4-0ubuntu6.8+esm1 |
| canonical_ltd | wpa_supplicant | >= 2:2.10-15 < 2:2.10-21ubuntu0.1 | 2:2.10-21ubuntu0.1 |
| canonical_ltd | wpa_supplicant | >= 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4 | 2:2.9-1ubuntu4.4 |
| canonical_ltd | wpa_supplicant | >= 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1 | 2:2.10-6ubuntu2.1 |
| debian | wpa | < wpa 2:2.10-12+deb12u2 (bookworm) | wpa 2:2.10-12+deb12u2 (bookworm) |

CVSS provenance

nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH
vendor_debian: 8.8 HIGH
vendor_redhat: 8.8 HIGH