The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
References
Configurations
History
21 Nov 2024, 06:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/ - | |
References | () https://security.gentoo.org/glsa/202309-16 - | |
References | () https://w1.fi/security/2022-1/ - Mitigation, Patch, Third Party Advisory |
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2022-01-17 02:15
Updated : 2024-11-21 06:48
NVD link : CVE-2022-23304
Mitre link : CVE-2022-23304
CVE.ORG link : CVE-2022-23304
JSON object : View
Products Affected
w1.fi
- wpa_supplicant
- hostapd
fedoraproject
- fedora
CWE
CWE-203
Observable Discrepancy