CVE-2024-1929 – This vulnerability in dnf5daemon-server allows ... (How to Fix)

Q: What is the severity of CVE-2024-1929?

CVE-2024-1929 has a CVSS score of 7.5 (HIGH). This vulnerability in dnf5daemon-server allows local unprivileged users to achieve root privileges by manipulating configuration dictionaries passed through D-Bus. Attackers can load malicious plugin libraries during session initialization, bypassing Polkit authentication. Systems using dnf5daemon-server versions before 5.1.17 are affected.

📋 TL;DR

This vulnerability in dnf5daemon-server allows local unprivileged users to achieve root privileges by manipulating configuration dictionaries passed through D-Bus. Attackers can load malicious plugin libraries during session initialization, bypassing Polkit authentication. Systems using dnf5daemon-server versions before 5.1.17 are affected.

💻 Affected Systems

Products:

dnf5daemon-server

Versions: All versions before 5.1.17

Operating Systems: Linux distributions using dnf5 (Fedora, RHEL derivatives)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires dnf5daemon-server service to be running and accessible via D-Bus. Systems using dnf5 package manager are likely affected.

📦 What is this software?

Dnf5 by Rpm

View all CVEs affecting Dnf5 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local unprivileged user gains full root access to the system, compromising confidentiality, integrity, and availability of all data and services.

🟠

Likely Case

Local attackers with user accounts escalate privileges to root, potentially installing backdoors, accessing sensitive data, or pivoting to other systems.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to isolated systems, but root compromise still enables significant damage.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing user access, not directly exploitable from the internet.

🏢 Internal Only: HIGH - Any local user account can potentially exploit this to gain root privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local user access but is straightforward once the vulnerability details are understood. The D-Bus interface is vulnerable before Polkit authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.17

Vendor Advisory: https://www.openwall.com/lists/oss-security/2024/03/04/2

Restart Required: Yes

Instructions:

1. Update dnf5daemon-server to version 5.1.17 or later using your package manager. 2. Restart the dnf5daemon service. 3. Verify the update was successful.

🔧 Temporary Workarounds

Disable dnf5daemon-server

linux

Stop and disable the vulnerable service if not required

sudo systemctl stop dnf5daemon-server
sudo systemctl disable dnf5daemon-server

Restrict D-Bus access

linux

Limit which users can access the vulnerable D-Bus interface

Configure Polkit policies to restrict access to org.rpm.dnf.v0.SessionManager

🧯 If You Can't Patch

Disable the dnf5daemon-server service entirely if package management via D-Bus is not required
Implement strict access controls and monitoring for local user accounts, especially those with D-Bus access

🔍 How to Verify

Check if Vulnerable:

Check dnf5daemon-server version: rpm -q dnf5daemon-server

Check Version:

rpm -q dnf5daemon-server

Verify Fix Applied:

Verify version is 5.1.17 or later: rpm -q dnf5daemon-server | grep -E '5\.1\.1[7-9]|5\.1\.[2-9]|5\.[2-9]'

📡 Detection & Monitoring

Log Indicators:

Unusual D-Bus calls to org.rpm.dnf.v0.SessionManager
Suspicious library loading in dnf5daemon logs
Unexpected privilege escalation events

Network Indicators:

Local D-Bus traffic patterns to dnf5daemon service

SIEM Query:

process:dnf5daemon AND (event:library_load OR event:privilege_escalation)

📊 Metadata

CVE ID: CVE-2024-1929

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE: CWE-20

Published: May 8, 2024

Last Updated: August 25, 2025

🔗 References

https://www.openwall.com/lists/oss-security/2024/03/04/2 Exploit,Mailing List,Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/03/04/2 Exploit,Mailing List,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-1929, you might also want to check these: