DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-5290

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-5290

Severity

7.8

High

CVSS V3

Description

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).

Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

References

  • https://images.chainguard.dev/security/CGA-8wwh-rr2f-x8vv
  • https://github.com/advisories/GHSA-c2m5-cmpw-rjcx
  • https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/
  • https://ubuntu.com/security/notices/USN-6945-1
  • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal