CVE-2024-5290

Name of the Vulnerable Software and Affected Versions wpa supplicant (affected versions not specified)

Description The issue is related to an uncontrolled search path element in wpa supplicant, allowing a local unprivileged attacker to escalate privileges to the user that wpa supplicant runs as, usually root. Membership in the netdev group or access to the dbus interface of wpa supplicant allows an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa supplicant process. The estimated number of potentially affected devices is in the millions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.