Unrated severityNVD Advisory· Published Aug 7, 2024· Updated Sep 18, 2024
CVE-2024-5290
CVE-2024-5290
Description
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Canonical Ltd./wpa_supplicantv5Range: 2:2.10-15
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.