Vulnerability Details CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-5290
-
cpe:2.3:a:w1.fi:wpa_supplicant:-
-
cpe:2.3:o:canonical:ubuntu_linux:-