The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
References
Link | Resource |
---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/ | |
https://security.gentoo.org/glsa/202309-16 | |
https://w1.fi/security/2022-1/ | Mitigation Patch Third Party Advisory |
Configurations
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-01-17 02:15
Updated : 2024-02-28 18:48
NVD link : CVE-2022-23303
Mitre link : CVE-2022-23303
CVE.ORG link : CVE-2022-23303
JSON object : View
Products Affected
w1.fi
- wpa_supplicant
- hostapd
fedoraproject
- fedora
CWE
CWE-203
Observable Discrepancy