AZL-40340

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40340.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-40340

Upstream

CVE-2024-1929

Published

2024-05-08T02:15:09Z

Modified

2026-04-21T04:29:00.811325Z

Summary

CVE-2024-1929 affecting package dnf5 for versions less than 5.1.11-3

Details

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.

There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.open_session method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the libdnf5::Base configuration.

Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1929

Affected packages

Azure Linux:3 / dnf5

Package

Name: dnf5
Purl: pkg:rpm/azure-linux/dnf5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.11-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40340.json"