CVE-2024-1929 Information

Description

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary.

There are issues with the D-Bus interface long before Polkit is invoked. The org.rpm.dnf.v0.SessionManager.open_session method takes a key/value map of configuration entries. A sub-entry in this map placed under the

Reference

https://www.openwall.com/lists/oss-security/2024/03/04/2
