CVE-2022-23303
Gentoo Linux Security Advisory 202309-16
Severity Score
Exploit Likelihood
Affected Versions
3Public Exploits
2Exploited in Wild
-Decision
Descriptions
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Las implementaciones de SAE en hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, son vulnerables a ataques de canal lateral como resultado de los patrones de acceso a la caché. NOTA: este problema se presenta debido a una corrección incompleta de CVE-2019-9494
George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpa_supplicant and hostapd reused encryption elements in the PKEX protocol. An attacker could possibly use this issue to impersonate a wireless access point, and obtain sensitive information. Daniel De Almeida Braga, Mohamed Sabt, and Pierre-Alain Fouque discovered that wpa_supplicant and hostapd were vulnerable to side channel attacks due to the cache access patterns. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-17 CVE Reserved
- 2022-01-17 CVE Published
- 2023-09-13 First Exploit
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message... | 2023-11-07 | |
| https://security.gentoo.org/glsa/202309-16 | 2023-11-07 |