CVE-2022-23303 Hostapd and wpa_supplicant are vulnerable to side channel attacks because of cache access patterns.

SAE can be exploited through the hostapd process, resulting in information leak and Denial of Service (DoS). SAE can also be exploited through wpa_supplicant. SAE can be exploited through the hostapd process, resulting in information leak and Denial of Service (DoS). SAE can also be exploited through wpa_supplicant.

Impact:

Remotely exploitable via SAE

CVE reference:

bsc#1068085 bsc#1068086 bsc#1068087 bsc#1068088 bsc#1068089 bsc#1068090 bsc#1068091 bsc#1068092 bsc#1068093 bsc#1068094 bsc#1068095 bsc#1068096 bsc#1068097 bsc#1068098 bsc#1068099 bsc#1068100 bsc#1068101 bsc#1068102 bsc#1068103 bsc#1068104 bsc#1068105 bsc#1068106 bsc#1068107 bsc#1068108 bsc#1068109 bsc#1068110 bsc#1068111 bsc#1068112 bsc#1068113 bsc#1068114 bsc#1068115 bsc#1068116 bsc#1068117 bsc#1068

SAE in hostapd

SAE can be exploited through the hostapd process, resulting in information leak and Denial of Service (DoS).

Timeline

Published on: 01/17/2022 02:15:00 UTC
Last modified on: 02/28/2022 22:07:00 UTC

References

• https://w1.fi/security/2022-1/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23303