CVE-2024-5290 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-5290 Interim 1 5 2025-02-16T01:47:14Z current 2024-08-07T23:21:19Z 2025-02-16T01:47:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-5290 An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Micro 6.0 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap 15.6 wpa_supplicant wpa_supplicant-gui wpa_supplicant as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 wpa_supplicant as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS wpa_supplicant as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS wpa_supplicant as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS wpa_supplicant as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Micro 5.1 wpa_supplicant as a component of SUSE Linux Enterprise Micro 5.2 wpa_supplicant as a component of SUSE Linux Enterprise Micro 5.3 wpa_supplicant as a component of SUSE Linux Enterprise Micro 5.4 wpa_supplicant as a component of SUSE Linux Enterprise Micro 5.5 wpa_supplicant as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 wpa_supplicant as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 wpa_supplicant as a component of SUSE Linux Enterprise Server 12 SP4-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server 12 SP5 wpa_supplicant as a component of SUSE Linux Enterprise Server 15 SP1-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server 15 SP2-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server 15 SP3-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server 15 SP4-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server 15-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server Teradata 12 SP3 wpa_supplicant as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS wpa_supplicant as a component of SUSE Linux Enterprise Server Teradata 15 SP4 wpa_supplicant as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 wpa_supplicant as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 wpa_supplicant as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 wpa_supplicant as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 wpa_supplicant as a component of SUSE Linux Micro 6.0 wpa_supplicant as a component of SUSE Manager Proxy 4.3 wpa_supplicant as a component of SUSE Manager Retail Branch Server 4.3 wpa_supplicant as a component of SUSE Manager Server 4.3 wpa_supplicant as a component of openSUSE Leap 15.5 wpa_supplicant-gui as a component of openSUSE Leap 15.5 wpa_supplicant as a component of openSUSE Leap 15.6 wpa_supplicant-gui as a component of openSUSE Leap 15.6 An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. CVE-2024-5290 SUSE Linux Enterprise High Performance Computing 12 SP5:wpa_supplicant SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:wpa_supplicant SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:wpa_supplicant SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:wpa_supplicant SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:wpa_supplicant SUSE Linux Enterprise Micro 5.1:wpa_supplicant SUSE Linux Enterprise Micro 5.2:wpa_supplicant SUSE Linux Enterprise Micro 5.3:wpa_supplicant SUSE Linux Enterprise Micro 5.4:wpa_supplicant SUSE Linux Enterprise Micro 5.5:wpa_supplicant SUSE Linux Enterprise Module for Basesystem 15 SP5:wpa_supplicant SUSE Linux Enterprise Module for Basesystem 15 SP6:wpa_supplicant SUSE Linux Enterprise Server 12 SP4-LTSS:wpa_supplicant SUSE Linux Enterprise Server 12 SP5:wpa_supplicant SUSE Linux Enterprise Server 15 SP1-LTSS:wpa_supplicant SUSE Linux Enterprise Server 15 SP2-LTSS:wpa_supplicant SUSE Linux Enterprise Server 15 SP3-LTSS:wpa_supplicant SUSE Linux Enterprise Server 15 SP4-LTSS:wpa_supplicant SUSE Linux Enterprise Server 15-LTSS:wpa_supplicant SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:wpa_supplicant SUSE Linux Enterprise Server Teradata 12 SP3:wpa_supplicant SUSE Linux Enterprise Server Teradata 15 SP4:wpa_supplicant SUSE Linux Enterprise Server for SAP Applications 12 SP5:wpa_supplicant SUSE Linux Enterprise Server for SAP Applications 15 SP2:wpa_supplicant SUSE Linux Enterprise Server for SAP Applications 15 SP3:wpa_supplicant SUSE Linux Enterprise Server for SAP Applications 15 SP4:wpa_supplicant SUSE Linux Micro 6.0:wpa_supplicant SUSE Manager Proxy 4.3:wpa_supplicant SUSE Manager Retail Branch Server 4.3:wpa_supplicant SUSE Manager Server 4.3:wpa_supplicant openSUSE Leap 15.5:wpa_supplicant openSUSE Leap 15.5:wpa_supplicant-gui openSUSE Leap 15.6:wpa_supplicant openSUSE Leap 15.6:wpa_supplicant-gui important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H