CVE-2024-34397 is a vulnerability found in GNOME GLib, specifically affecting versions prior to 2.78.5, and 2.79.x and 2.80.x before 2.80.1. The issue arises when a GDBus-based client subscribes to signals from trusted system services like NetworkManager on a shared computer. Due to improper authentication of D-Bus signals, other unprivileged users on the same system can send spoofed signals that the client mistakenly accepts as originating from the trusted service. This flaw can cause the client application to behave incorrectly, with impacts varying depending on the application’s role and functionality. The vulnerability is categorized under CWE-290 (Authentication Bypass by Spoofing) and has a CVSS v3.1 base score of 5.2, indicating medium severity. The attack vector is local (AV:P), requires no privileges (PR:N), no user interaction (UI:N), and affects integrity and availability but not confidentiality. Although no exploits are currently known in the wild, the vulnerability poses a risk in multi-user environments where shared access to the system exists. The root cause is the lack of proper verification of the sender’s identity on the D-Bus IPC mechanism, which is critical for secure inter-process communication on Linux systems. This can lead to unauthorized command execution or state changes within applications relying on these signals.

For European organizations, particularly those using Linux desktops or servers with GNOME environments, this vulnerability could allow malicious local users to interfere with system services by spoofing D-Bus signals. This can undermine system integrity, causing applications to perform unintended actions, potentially disrupting network configurations or other critical services managed via D-Bus. While confidentiality is not directly impacted, the integrity and availability of system services could be compromised, leading to operational disruptions. Organizations with shared computing environments, such as universities, research labs, or enterprises with multi-user Linux systems, are at higher risk. The medium CVSS score reflects moderate risk, but the ease of exploitation on shared systems without requiring authentication elevates the threat in such contexts. The absence of known exploits suggests limited current active threat but does not preclude future exploitation attempts.

The primary mitigation is to upgrade GNOME GLib to versions 2.78.5 or later, or 2.80.1 and above for the affected branches, where the vulnerability is patched. Organizations should audit their systems to identify affected GLib versions and prioritize patch deployment on multi-user and shared systems. Additionally, restricting local user access to trusted users only can reduce the attack surface. Implementing strict user permissions and isolating critical services from untrusted users helps mitigate exploitation risk. Monitoring D-Bus traffic for anomalous or unexpected signals may provide early detection of attempted spoofing. For environments where immediate patching is not feasible, consider disabling or limiting the use of GDBus-based clients subscribing to signals from sensitive system services. Employing containerization or sandboxing for applications relying on D-Bus can also reduce the impact of spoofed signals. Finally, educating system administrators about the risks of local privilege misuse and enforcing strong access controls on shared systems is essential.