CVE-2024-9312

7.5 HIGH

📋 TL;DR

CVE-2024-9312 is an authentication bypass in authd, Ubuntu's authentication daemon for cloud identity providers. Versions before 0.3.7 did not randomize the user IDs they assign sufficiently to avoid collisions, so a local attacker who can register user names through authd can end up with the same UID as another authd-managed user and thereby act with that user's privileges. Systems running authd 0.3.6 or earlier are affected.

💻 Affected Systems

Products:
  • authd
Versions: before 0.3.7 (0.3.6 and earlier)
Operating Systems: Linux (Ubuntu; authd is an Ubuntu project, but any distribution that packages it is affected)
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only by a local user who can register new user names through authd, i.e. who can authenticate additional accounts via the configured identity broker. The colliding IDs are the UIDs authd assigns to the accounts it provisions.

📦 What is this software?

authd is Ubuntu's authentication daemon for cloud identity providers. It ships PAM and NSS modules and talks to a broker (the first one targets Microsoft Entra ID) to authenticate users and provision their local user entries, including assigning each account a UID. That UID assignment is where this flaw lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker registers accounts until one collides with the UID of a more privileged authd-managed user and gains that user's access; if that user holds administrative rights on the host, this leads to full compromise. (authd assigns UIDs for the accounts it provisions, so root and other accounts from /etc/passwd are not the collision targets the advisory describes.)

🟠 Likely Case

Local attacker escalates to another authd-managed user's privileges, reading that user's data or acting on the system as that user.

🟢 If Mitigated

Attack limited to local users who can register names through authd, with access controls keeping those users away from critical system access.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local user access
🏢 Internal Only: HIGH - Any local user could potentially escalate to any other user's privileges

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Requires a local account and the ability to register new user names through authd's broker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.7 or later

Vendor Advisory: https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2

Restart Required: Yes

Instructions:

1. Update authd to version 0.3.7 or later using your package manager.
2. Restart the authd service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Restrict who can register user names through authd

Platform: Linux

The attack needs the ability to create new authd-managed accounts, so limit which identities may sign in to this host.

# authd itself has no "disable registration" switch. Restrict sign-in on the
# identity-provider side (e.g. require explicit user assignment to the
# application the broker uses) and, where your broker version provides one,
# use its allow-list of permitted users. Review /etc/authd/brokers.d/.

Restrict local user access

Platform: Linux

Limit which users can log in locally at all.

# Use PAM access controls (pam_access) to restrict local login.
# Review /etc/security/access.conf and other access control files.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can log in locally
  • Audit the user database for duplicate UIDs (getent passwd; two different user names on one UID is the collision this bug produces)
  • Monitor for suspicious authentication events and user privilege changes

🔍 How to Verify

Check if Vulnerable:

Query the installed package version; any version below 0.3.7 is affected.

Check Version:

dpkg-query -W -f='${Version}\n' authd

Verify Fix Applied:

Confirm the installed authd version is 0.3.7 or later, restart the service, then enumerate users (getent passwd) and confirm that no two user names share a UID.
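The version check above, carried out as an added example (not code from the authd project or the advisory): it normalises a Debian/Ubuntu package version string (epoch, revision, +build and ~pre-release parts) and compares the upstream part against the fixed version 0.3.7. The version strings in the usage section are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a given authd package version affected by CVE-2024-9312?
# Affected: every upstream version before 0.3.7.

FIXED_VERSION="0.3.7"

# Split an upstream "x.y.z" string into three numeric fields on stdout.
# Missing fields become 0; trailing non-digits in a field are dropped.
# Runs in a subshell so the IFS change does not leak to the caller.
split_version() (
    IFS=.
    set -- $1
    maj="${1:-0}"; min="${2:-0}"; pat="${3:-0}"
    maj="${maj%%[!0-9]*}"; min="${min%%[!0-9]*}"; pat="${pat%%[!0-9]*}"
    echo "${maj:-0} ${min:-0} ${pat:-0}"
)

# version_lt A B: true when upstream version A sorts before B.
version_lt() {
    set -- $(split_version "$1") $(split_version "$2")
    # $1 $2 $3 are A's fields, $4 $5 $6 are B's fields
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# authd_is_vulnerable DEB_VERSION: true when the package version is below 0.3.7.
authd_is_vulnerable() {
    v="$1"
    v="${v#*:}"      # drop epoch:           "1:0.3.6-0ubuntu1" -> "0.3.6-0ubuntu1"
    v="${v%%-*}"     # drop Debian revision: "0.3.6-0ubuntu1"   -> "0.3.6"
    v="${v%%+*}"     # drop "+build" suffix: "0.3.7+git1"       -> "0.3.7"
    case "$v" in
        *~*)
            # "0.3.7~rc1" is a pre-release that sorts BELOW 0.3.7 in dpkg order,
            # so a pre-release of the fixed version itself is still vulnerable.
            base="${v%%~*}"
            version_lt "$base" "$FIXED_VERSION" && return 0
            version_lt "$FIXED_VERSION" "$base" && return 1
            return 0
            ;;
    esac
    version_lt "$v" "$FIXED_VERSION"
}

# Query this host (Debian/Ubuntu). Exit status: 0 vulnerable, 1 fixed,
# 2 authd not installed (or dpkg-query unavailable).
check_installed_authd() {
    installed="$(dpkg-query -W -f='${Version}' authd 2>/dev/null)" || return 2
    [ -n "$installed" ] || return 2
    if authd_is_vulnerable "$installed"; then
        echo "authd $installed: VULNERABLE to CVE-2024-9312 (fix is >= $FIXED_VERSION)"
        return 0
    fi
    echo "authd $installed: not affected"
    return 1
}

if [ "$#" -gt 0 ]; then
    # Offline use: classify version strings given on the command line.
    for arg in "$@"; do
        if authd_is_vulnerable "$arg"; then echo "$arg: vulnerable"; else echo "$arg: fixed"; fi
    done
else
    status=0
    check_installed_authd || status=$?
fi
```

Run it without arguments on a host to check the installed package, or pass version strings (for example `sh check.sh 0.3.6-0ubuntu1 0.3.7-0ubuntu1`) to classify them offline; note that `0.3.10` is correctly treated as newer than `0.3.7` because fields are compared numerically, not as strings.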

📡 Detection & Monitoring

Log Indicators:

  • Bursts of new accounts being registered through authd by the same local user
  • Two different user names resolving to the same UID, or a UID that is suddenly attributed to a different user name than before
  • A user performing actions as, or reading files owned by, another authd-managed account without that account authenticating

Network Indicators:

  • None specific; this is a local-only vulnerability. Look at host-level evidence (authd journal entries, NSS user enumeration, file ownership) rather than network traffic.

SIEM Query:

authd logs to the systemd journal rather than to a standalone log file; collect it with journalctl -u authd.service (or the journal forwarder your SIEM uses) and alert on repeated account registrations from a single source and on duplicate UIDs reported by a periodic getent passwd audit.

🔗 References

  • Vendor advisory (GitHub Security Advisory): https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-9312