Unprivileged Attacker Can Elevate Privileges in Ubuntu wpa_supplicant
CVE-2024-5290

7.8HIGH

Key Information:

Vendor: Canonical Ltd.
Status: WPa Supplicant
Vendor: CVE Published:; 7 August 2024

Badges

📰 News Worthy

Summary

The vulnerability, identified as CVE-2024-5290, affects the Ubuntu wpa_supplicant software, potentially allowing a local unprivileged attacker to elevate privileges to gain root access. This issue has been assigned a high CVSS Base Score of 8.8, indicating its severity. The affected operating systems include Linux and UNIX, with various versions of Ubuntu Linux wpa_supplicant being vulnerable. The vendor, Canonical Ltd., has released security updates to address this vulnerability, and users are advised to apply the patches promptly. There have been no known exploitation incidents in the wild related to this vulnerability at the current time.

Affected Version(s)

wpa_supplicant Linux 2:2.10-15 < 2:2.10-21ubuntu0.1

wpa_supplicant Linux 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1

wpa_supplicant Linux 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4

News Articles

News.de

CVE-2024-5290

Ubuntu Linux (wpa_supplicant) gefährdet: IT-Sicherheitswarnung vor neuer Schwachstelle

Das BSI hat einen aktuellen IT-Sicherheitshinweis für Ubuntu Linux (wpa_supplicant) herausgegeben. Mehr über die betroffenen Betriebssysteme und Produkte sowie CVE-Nummern erfahren Sie hier auf news.de.

References

https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613

https://snyk.io/blog/abusing-ubuntu-root-privilege-escala...

https://ubuntu.com/security/notices/USN-6945-1

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by News.de
Aug 8, 2024
Vulnerability published
Aug 7, 2024
Vulnerability Reserved
May 23, 2024

Credit

Rory McNamara

Marc Deslauriers

Sudhakar Verma

Mark Esler