PT-2024-21910 · Dnf5 · Dnf5

Matthias Gerstner · Published 2024-04-05 · Updated 2024-07-12 · CVE-2024-2746

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

dnf5 (affected versions not specified)

Description

The issue arises from the dnf5 D-Bus daemon accepting arbitrary configuration parameters from unprivileged users. This allows a local root exploit by tricking the daemon into loading a user-controlled "plugin" before Polkit authentication is started. The dnf5 library code does not check whether non-root users control the directory in question, posing a Denial-of-Service attack vector. This can be used to make the daemon operate on a blocking file or a very large file, causing an out-of-memory situation. Additionally, this can be used to let the daemon process privileged files like /etc/shadow, potentially leading to information leaks through error diagnostics, although in the case of libdnf5, such user-accessible diagnostics should not exist. A local attacker can also place a valid repository configuration file in the directory, allowing them to specify additional configuration options and making various code paths in libdnf5 accessible to the attacker.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
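
The description notes that the library does not check whether non-root users control the directory it reads from. The following is an added example of such a check for a privileged daemon, not code from dnf5 or from the advisory; the names dir_is_trusted and config_dir_is_trusted are hypothetical, and the policy (every path component is a root-owned directory without group or other write permission) is an assumption.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy: trusted means a directory owned by root that neither
 * group nor others can write to. */
static int dir_is_trusted(const struct stat *st)
{
    return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
           !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Hypothetical helper: returns 1 only if every component of an absolute
 * path is a trusted directory. Each component is opened relative to its
 * parent's descriptor with O_NOFOLLOW and checked with fstat(), so the
 * object checked is the object opened and a symlink in the path fails.
 * Any error counts as untrusted. */
int config_dir_is_trusted(const char *path)
{
    char buf[PATH_MAX], *save = NULL;
    struct stat st;
    if (path == NULL || path[0] != '/' || strlen(path) >= sizeof(buf))
        return 0;
    strcpy(buf, path);

    int fd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && dir_is_trusted(&st);
    for (char *c = strtok_r(buf, "/", &save); ok && c != NULL;
         c = strtok_r(NULL, "/", &save)) {
        int next = openat(fd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(fd);
        fd = next;
        ok = fd >= 0 && fstat(fd, &st) == 0 && dir_is_trusted(&st);
    }
    if (fd >= 0)
        close(fd);
    return ok;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], config_dir_is_trusted(argv[i]) ? "trusted" : "REJECT");
    return 0;
}
```

This covers only the directory-control part of the description; it does not address the daemon accepting configuration parameters from unprivileged callers in the first place.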

RCE


Weakness Enumeration

Related Identifiers

AZL-40346
CVE-2024-2746

Affected Products

Dnf5