DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-5290

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-5290

Severity

7.8

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).

Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-5290
  • https://github.com/advisories/GHSA-c2m5-cmpw-rjcx
  • https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/
  • https://ubuntu.com/security/notices/USN-6945-1
  • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal