Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu Releases 20.04 to 24.10: USN-7317-1 Addresses WPA Info Exposure

ubuntu
Calendar Grey March 4, 2025
Dist Ubuntu Esm H88
Security Update Announcement for Ubuntu USN-7317-1 concerning vulnerabilities in wpa_supplicant and hostapd leading to potential exposure of private data.
wpa_supplicant and hostapd could be made to expose sensitive information over the network.

Summary

wpa_supplicant and hostapd could be made to expose sensitive information

over the network.

Software Description:

- wpa: client support for WPA and WPA2

Details:

George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that

wpa_supplicant and hostapd reused encryption elements in the PKEX protocol.

An attacker could possibly use this issue to impersonate a wireless access

point, and obtain sensitive information. (CVE-2022-37660)

Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered

that wpa_supplicant and hostapd were vulnerable to side channel attacks due

to the cache access patterns. An attacker could possibly use this issue to

obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.

(CVE-2022-23303, CVE-2022-23304)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   hostapd                         2:2.10-22ubuntu0.1
   wpasupplicant                   2:2.10-22ubuntu0.1

Ubuntu 24.04 LTS
   hostapd                         2:2.10-21ubuntu0.2
   wpasupplicant                   2:2.10-21ubuntu0.2

Ubuntu 22.04 LTS
   hostapd                         2:2.10-6ubuntu2.2
   wpasupplicant                   2:2.10-6ubuntu2.2

Ubuntu 20.04 LTS
   hostapd                         2:2.9-1ubuntu4.6
   wpasupplicant                   2:2.9-1ubuntu4.6

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7317-1

  CVE-2022-23303, CVE-2022-23304, CVE-2022-37660

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7317-1

Package Information

  https://launchpad.net/ubuntu/+source/wpa/2:2.10-22ubuntu0.1
  https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.2
  https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.2
  https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here