wpa_supplicant could be made to run programs as an administrator with
specially crafted configuration file.
Software Description:
- wpa: client support for WPA and WPA2
Details:
Rory McNamara discovered that wpa_supplicant could be made to load
arbitrary shared objects by unprivileged users that have access to
the control interface. An attacker could use this to escalate privileges
to root.
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS wpasupplicant 2:2.10-21ubuntu0.1 Ubuntu 22.04 LTS wpasupplicant 2:2.10-6ubuntu2.1 Ubuntu 20.04 LTS wpasupplicant 2:2.9-1ubuntu4.4 Ubuntu 18.04 LTS wpasupplicant 2:2.6-15ubuntu2.8+esm1 Ubuntu 16.04 LTS wpasupplicant 2.4-0ubuntu6.8+esm1 Ubuntu 14.04 LTS wpasupplicant 2.1-0ubuntu1.7+esm5 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6945-1
CVE-2024-5290,https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
Get the latest Linux and open source security news straight to your inbox.