CVE-2024-34397

Name of the Vulnerable Software and Affected Versions GNOME GLib versions prior to 2.78.5 GNOME GLib versions 2.79.x GNOME GLib versions 2.80.x prior to 2.80.1

Description An issue was discovered in GNOME GLib where a GDBus-based client subscribing to signals from a trusted system service, such as NetworkManager, on a shared computer can be tricked into interpreting spoofed D-Bus signals as if they were sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an impact that depends on the application. The vulnerability is related to incorrect verification of the communication channel source.

Recommendations For GNOME GLib versions prior to 2.78.5, update to version 2.78.5 or later. For GNOME GLib versions 2.79.x, update to version 2.80.1 or later. For GNOME GLib versions 2.80.x prior to 2.80.1, update to version 2.80.1 or later. As a temporary workaround, consider restricting access to the GDBus-based client to minimize the risk of exploitation.