HCE2-SA-2024-0306 Important HCE 2.0 Security Fix(es): An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. (CVE-2024-5290) The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network_x27;s TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. (CVE-2023-52160) HCE 2.0 wpa_supplicant-2.6-30.r2.hce2.aarch64.rpm wpa_supplicant-gui-2.6-30.r2.hce2.aarch64.rpm wpa_supplicant-help-2.6-30.r2.hce2.aarch64.rpm wpa_supplicant-2.6-30.r2.hce2.x86_64.rpm wpa_supplicant-gui-2.6-30.r2.hce2.x86_64.rpm wpa_supplicant-help-2.6-30.r2.hce2.x86_64.rpm