CVE-2024-42029
📋 TL;DR
This vulnerability in xdg-desktop-portal-hyprland allows OS command injection due to improper escaping when passing application IDs and titles via environment variables. Attackers can execute arbitrary commands on affected systems by manipulating these values. Users of the Hyprland Wayland compositor with the vulnerable portal backend are affected.
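The bug class described above comes from untrusted strings being parsed on their way into an environment variable. As an added example (not code from this page or from xdg-desktop-portal-hyprland), the following C++ helper passes a title to a child process through the `envp` array of `execve()`, so no escaping step exists to get wrong; the variable name `EXAMPLE_WINDOW_TITLE`, the functions `runWithTitle` and `demo`, and the sample title are assumptions made for the example.

```cpp
// Added example (not xdg-desktop-portal-hyprland code): hand an untrusted
// window title to a child process through envp, with no shell-built string.
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical variable name, used only in this example.
static const char* kTitleVar = "EXAMPLE_WINDOW_TITLE";

// Runs argv[0] with `title` as its only environment variable and returns the
// child's stdout. The title is one element of the envp array given to
// execve(), so no shell ever tokenizes it and no escaping is needed.
std::string runWithTitle(const std::vector<std::string>& argv, const std::string& title) {
    int fds[2];
    if (argv.empty() || pipe(fds) != 0) return "";
    const std::string assignment = std::string(kTitleVar) + "=" + title;
    std::vector<char*> cargv;
    for (const auto& a : argv) cargv.push_back(const_cast<char*>(a.c_str()));
    cargv.push_back(nullptr);
    char* envp[] = {const_cast<char*>(assignment.c_str()), nullptr};

    const pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return ""; }
    if (pid == 0) {                       // child: stdout -> pipe, then exec
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execve(cargv[0], cargv.data(), envp);
        _exit(127);                       // exec failed
    }
    close(fds[1]);
    std::string out;
    char buf[256];
    ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0) out.append(buf, static_cast<size_t>(n));
    close(fds[0]);
    waitpid(pid, nullptr, 0);
    return out;
}

// Constructed title full of shell metacharacters. The child script is a fixed
// literal that only reads the variable, so the value must come back verbatim.
std::string demo() {
    return runWithTitle({"/bin/sh", "-c", "printf '%s' \"$EXAMPLE_WINDOW_TITLE\""},
                        "Notes (draft); a|b & $HOME \"q\"");
}

int main() { return demo().empty() ? 1 : 0; }
```

Environment values cannot carry an embedded NUL byte, so a caller should reject or truncate such titles before building the assignment.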
💻 Affected Systems
- xdg-desktop-portal-hyprland
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root privileges, allowing installation of persistent malware, data exfiltration, or complete system takeover.
Likely Case
Local privilege escalation or arbitrary command execution in user context, potentially leading to lateral movement within the system.
If Mitigated
Limited impact with proper isolation and minimal user privileges, potentially only affecting the user's session.
🎯 Exploit Status
Exploitation requires local access or ability to influence environment variables passed to the portal service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3
Vendor Advisory: https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
Restart Required: Yes
Instructions:
1. Update xdg-desktop-portal-hyprland to version 1.3.3 or later.
2. Restart the portal service: 'systemctl --user restart xdg-desktop-portal-hyprland'.
3. Restart Hyprland session to ensure all components use the patched version.
🔧 Temporary Workarounds
Disable xdg-desktop-portal-hyprland
Linux: Temporarily disable the vulnerable portal backend until patched
systemctl --user stop xdg-desktop-portal-hyprland
systemctl --user disable xdg-desktop-portal-hyprland
Use alternative portal backend
Linux: Switch to a different XDG Desktop Portal backend (e.g., xdg-desktop-portal-gnome or xdg-desktop-portal-kde)
sudo pacman -S xdg-desktop-portal-gnome
systemctl --user enable --now xdg-desktop-portal-gnome
🧯 If You Can't Patch
- Isolate affected systems from critical network segments
- Implement strict user privilege separation and monitor for suspicious command execution
🔍 How to Verify
Check if Vulnerable:
Check installed version: 'xdg-desktop-portal-hyprland --version' or 'pacman -Qi xdg-desktop-portal-hyprland' on Arch-based systems
Check Version:
xdg-desktop-portal-hyprland --version
Verify Fix Applied:
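Verify version is 1.3.3 or higher (the comparison uses 'sort -V' so that releases after 1.3.3 and 1.4, such as 1.3.4 or 2.x, are also recognized):
v=$(xdg-desktop-portal-hyprland --version | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1); [ -n "$v" ] && [ "$(printf '%s\n' 1.3.3 "$v" | sort -V | head -n1)" = 1.3.3 ] && echo "Patched"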
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution from xdg-desktop-portal-hyprland process
- Suspicious environment variables containing shell metacharacters
Network Indicators:
- Unexpected outbound connections from user sessions
SIEM Query:
process.name="xdg-desktop-portal-hyprland" AND cmdline contains suspicious characters like ;, |, &, $, (, )
🔗 References
- https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd
- https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242
- https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3