Home

CVE-2022-23303

Description

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.301

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2022:0504-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-2.9-23.15.1.x86_64.rpmLinux
SUSE-SU-2022:0504-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debuginfo-2.9-23.15.1.x86_64.rpmLinux
SUSE-SU-2022:0504-1(SUSE Linux Enterprise Server 12-SP5 ) wpa_supplicant-debugsource-2.9-23.15.1.x86_64.rpmLinux
SUSE-SU-2022:0716-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) wpa_supplicant-2.9-4.33.1.x86_64_15_SP3.rpmLinux
SUSE-SU-2022:0716-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) wpa_supplicant-debuginfo-2.9-4.33.1.x86_64_15_SP3.rpmLinux
SUSE-SU-2022:0716-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) wpa_supplicant-debugsource-2.9-4.33.1.x86_64_15_SP3.rpmLinux
client support for WPA and WPA2 (USN-7317-1) hostapd_2.10-21ubuntu0.2_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) hostapd_2.10-22ubuntu0.1_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) hostapd_2.10-6ubuntu2.2_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) hostapd_2.9-1ubuntu4.6_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) wpasupplicant_2.10-21ubuntu0.2_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) wpasupplicant_2.10-22ubuntu0.1_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) wpasupplicant_2.10-6ubuntu2.2_amd64.debLinux
client support for WPA and WPA2 (USN-7317-1) wpasupplicant_2.9-1ubuntu4.6_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234