wpa_supplicant and hostapd could be made to expose sensitive information
over the network.
Software Description:
- wpa: client support for WPA and WPA2
Details:
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that
wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.
An attacker could possibly use this issue to impersonate a wireless access
point, and obtain sensitive information. (CVE-2022-37660)
Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered
that wpa_supplicant and hostapd were vulnerable to side channel attacks due
to the cache access patterns. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-23303, CVE-2022-23304)
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 hostapd 2:2.10-22ubuntu0.1 wpasupplicant 2:2.10-22ubuntu0.1 Ubuntu 24.04 LTS hostapd 2:2.10-21ubuntu0.2 wpasupplicant 2:2.10-21ubuntu0.2 Ubuntu 22.04 LTS hostapd 2:2.10-6ubuntu2.2 wpasupplicant 2:2.10-6ubuntu2.2 Ubuntu 20.04 LTS hostapd 2:2.9-1ubuntu4.6 wpasupplicant 2:2.9-1ubuntu4.6 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7317-1
CVE-2022-23303, CVE-2022-23304, CVE-2022-37660
Get the latest Linux and open source security news straight to your inbox.