Unprivileged Attacker Can Elevate Privileges in Ubuntu wpa_supplicant
CVE-2024-5290
Summary
The vulnerability, identified as CVE-2024-5290, affects the Ubuntu wpa_supplicant software, potentially allowing a local unprivileged attacker to elevate privileges to gain root access. This issue has been assigned a high CVSS Base Score of 8.8, indicating its severity. The affected operating systems include Linux and UNIX, with various versions of Ubuntu Linux wpa_supplicant being vulnerable. The vendor, Canonical Ltd., has released security updates to address this vulnerability, and users are advised to apply the patches promptly. There have been no known exploitation incidents in the wild related to this vulnerability at the current time.
Affected Version(s)
wpa_supplicant Linux 2:2.10-15 < 2:2.10-21ubuntu0.1
wpa_supplicant Linux 2:2.9.0-21build1 < 2:2.10-6ubuntu2.1
wpa_supplicant Linux 2:2.9-1ubuntu2 < 2:2.9-1ubuntu4.4
News Articles
Ubuntu Linux (wpa_supplicant) gefährdet: IT-Sicherheitswarnung vor neuer Schwachstelle
Das BSI hat einen aktuellen IT-Sicherheitshinweis fĂĽr Ubuntu Linux (wpa_supplicant) herausgegeben. Mehr ĂĽber die betroffenen Betriebssysteme und Produkte sowie CVE-Nummern erfahren Sie hier auf news.de.
References
CVSS V3.1
Timeline
- đź“°
First article discovered by News.de
Vulnerability published
Vulnerability Reserved