CVE-2024-5290

8.8 HIGH

📋 TL;DR

This vulnerability in Ubuntu's wpa_supplicant allows local unprivileged users to load arbitrary shared objects, leading to privilege escalation to root. Attackers need membership in the netdev group or access to the wpa_supplicant D-Bus interface. This affects Ubuntu systems with vulnerable wpa_supplicant versions.

💻 Affected Systems

Products:
  • wpa_supplicant
Versions: Ubuntu wpa_supplicant versions before the fix
Operating Systems: Ubuntu Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access and either netdev group membership or D-Bus interface access to wpa_supplicant.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full root privileges on the system, enabling complete system compromise, data theft, persistence, and lateral movement.

🟠 Likely Case

Local user with netdev group membership or D-Bus access escalates to root and installs backdoors, steals credentials, or modifies system configurations.

🟢 If Mitigated

With proper access controls and patching, impact is limited to denial of service or minimal privilege escalation if wpa_supplicant runs as non-root.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and specific privileges (netdev group or D-Bus access). Public proof-of-concept exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Ubuntu security updates

Vendor Advisory: https://ubuntu.com/security/notices/USN-6945-1

Restart Required: Yes

Instructions:

1. Run 'sudo apt update'
2. Run 'sudo apt install --only-upgrade wpasupplicant' (the binary package built from the 'wpa' source package)
3. Restart wpa_supplicant service or reboot system

🔧 Temporary Workarounds

Remove users from netdev group

Remove unnecessary users from the netdev group to reduce attack surface

sudo deluser <username> netdev

Restrict D-Bus access

Configure D-Bus policies to restrict access to wpa_supplicant interface

🧯 If You Can't Patch

  • Remove all non-essential users from the netdev group
  • Implement strict D-Bus access controls and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check wpa_supplicant version with 'wpa_supplicant -v' and compare against patched versions in USN-6945-1

Check Version:

wpa_supplicant -v

Verify Fix Applied:

Verify wpa_supplicant version is updated and check that users in netdev group are minimized
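
An added example (not part of the original advisory or of Ubuntu's tooling) for the netdev check above: an audit that reads only the member list of the group entry misses accounts whose primary GID is netdev. The function names, the allowlist arguments and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who actually holds the netdev group.
# netdev_members GROUP_FILE PASSWD_FILE
# Prints every account in netdev, sorted: supplementary members (field 4 of
# the group entry) plus accounts whose primary GID is netdev's GID, which
# never appear in the group entry's member list.
netdev_members() {
    gid=$(awk -F: '$1 == "netdev" { print $3; exit }' "$1")
    [ -n "$gid" ] || return 0          # no netdev group defined
    {
        awk -F: '$1 == "netdev" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# unexpected_netdev_members GROUP_FILE PASSWD_FILE [ALLOWED_USER...]
# Prints members that are not on the allowlist given as arguments.
unexpected_netdev_members() {
    group_file=$1; passwd_file=$2; shift 2
    netdev_members "$group_file" "$passwd_file" | while IFS= read -r user; do
        allowed=0
        for ok in "$@"; do
            if [ "$user" = "$ok" ]; then allowed=1; fi
        done
        [ "$allowed" -eq 1 ] || printf '%s\n' "$user"
    done
}

# write_sample DIR: constructed sample data, not taken from a real host.
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
netdev:x:115:alice,bob
users:x:100:carol
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc-net:x:998:115:constructed service account:/nonexistent:/usr/sbin/nologin
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
unexpected_netdev_members "$demo_dir/group" "$demo_dir/passwd" alice
rm -rf "$demo_dir"
```

On a live host, pass /etc/group and /etc/passwd, or files saved from 'getent group' and 'getent passwd' when accounts come from a directory service.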

📡 Detection & Monitoring

Log Indicators:

  • Unusual wpa_supplicant module loading
  • Failed privilege escalation attempts
  • Unexpected D-Bus connections to wpa_supplicant

SIEM Query:

Process creation where parent process is wpa_supplicant and command line contains unusual module paths
