Unprivileged Attacker Can Elevate Privileges in Ubuntu wpa_supplicant
CVE-2024-5290

7.8 HIGH

Key Information:

Vendor
CVE Published: 7 August 2024

Badges

📰 News Worthy

Summary

The vulnerability, identified as CVE-2024-5290, affects the Ubuntu wpa_supplicant software, potentially allowing a local unprivileged attacker to elevate privileges to gain root access. This issue has been assigned a high CVSS Base Score of 8.8, indicating its severity. The affected operating systems include Linux and UNIX, with various versions of Ubuntu Linux wpa_supplicant being vulnerable. The vendor, Canonical Ltd., has released security updates to address this vulnerability, and users are advised to apply the patches promptly. There have been no known exploitation incidents in the wild related to this vulnerability at the current time.

Affected Version(s)

wpa_supplicant Linux 2:2.10-15 < 2:2.10-21ubuntu0.1

wpa_supplicant Linux 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1

wpa_supplicant Linux 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4

News Articles

Ubuntu Linux (wpa_supplicant) at risk: IT security warning about a new vulnerability

The BSI has issued a current IT security advisory for Ubuntu Linux (wpa_supplicant). Learn more about the affected operating systems and products, as well as the CVE numbers, here on news.de.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by News.de

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rory McNamara
Marc Deslauriers
Sudhakar Verma
Mark Esler