Critical wpa_supplicant Vulnerability Addressed
A serious vulnerability has been discovered in the widely used wpa_supplicant package, potentially leaving millions of devices at risk. This flaw, tracked as CVE-2024-5290, is a privilege escalation issue that could allow attackers to gain unauthorized root access to a system.
wpa_supplicant is a critical component in the world of wireless security, providing client support for WPA, WPA2, and WPA3 protocols. It is widely used across various platforms, including desktops, laptops, and embedded systems, as it handles key negotiation with WPA authenticators and controls the roaming and authentication processes of the wireless LAN driver.
wpa_supplicant Vulnerability: CVE-2024-5290
The issue arises from the ability of an unprivileged user, especially one who has escalated to the netdev group, to specify an arbitrary path to a module that wpa_supplicant will load. Since wpa_supplicant typically runs as root, this capability can be exploited to execute malicious code with root privileges. In some cases, access to the D-Bus interface of wpa_supplicant could also facilitate this attack, highlighting the need for strict access controls and immediate patching.
Affected Linux Systems
The vulnerability has been identified in several major Linux distributions, particularly those using wpa_supplicant as part of their wireless networking infrastructure. The affected systems include:
- Ubuntu: Multiple versions, including Ubuntu 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04, 16.04, and 14.04, are vulnerable.
- Debian: Both the stable (Debian 12 Bookworm) and oldstable (Debian 11 Bullseye) distributions are affected.
Available Security Updates
The good news is that security patches are available. Popular Linux distributions like Ubuntu and Debian have released updates to address this critical issue.
Canonical has provided updates for the following Ubuntu releases:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
It’s important to note that the ESM (Extended Security Maintenance) updates are available only to users with an Ubuntu Pro subscription. For those seeking a more affordable alternative, TuxCare’s Extended Lifecycle Support (ELS) offers vendor-grade patches for five years beyond the official end-of-life date. ELS service is available for both Ubuntu 16.04 and Ubuntu 18.04.
Debian users can also secure their systems with the following updates:
- For Debian 11 Bullseye (oldstable): Version 2:2.9.0-21+deb11u2
- For Debian 12 Bookworm (stable): Version 2:2.10-12+deb12u2
Conclusion
This wpa_supplicant vulnerability allows malicious actors with limited privileges to potentially escalate their access to gain full control over a system. To protect your systems, it is highly recommended to update the wpa package as soon as possible. Delaying updates can leave your system vulnerable to exploitation. Users and administrators should ensure that their systems are running the latest security updates provided by their distribution vendors.
For those unable to immediately update, consider restricting access to the control interface of wpa_supplicant and limiting membership in the netdev group to reduce the attack surface.
Source: USN-6945-1