Description
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
A flaw was found in the way wpa_supplicant processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Report
An attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a set of suitably constructed management frames that trigger a corner case in the management of the P2P peer table.
Mitigation
Disable P2P, either with the control interface command "P2P_SET disabled 1" or by setting "p2p_disabled=1" in the wpa_supplicant configuration file (in each configuration file, if multiple interfaces are used).
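One way to verify the configuration-file form of this mitigation across several interfaces, as an added example that is not part of the advisory. The function names, the sample files, and the path in the usage comment are assumptions made here; only a global "p2p_disabled=1", the value named above, is treated as mitigated.

```shell
#!/bin/sh
# Added example: audit wpa_supplicant config files for "p2p_disabled=1".

# p2p_state FILE: print "disabled", "enabled" or "unset" for the global setting.
# Lines inside name={ ... } blocks (e.g. network={}) are not global and are skipped.
# Only the value 1, the one the advisory gives, counts as mitigated.
p2p_state() {
    awk '
        /^[ \t]*#/ { next }                              # comment line
        /^[ \t]*[A-Za-z_]+=[{][ \t]*$/ { depth++; next } # block opens
        /^[ \t]*[}]/ { if (depth > 0) depth--; next }    # block closes
        depth == 0 && /^[ \t]*p2p_disabled=/ {
            v = $0
            sub(/^[ \t]*p2p_disabled=/, "", v)
            sub(/[ \t]*(#.*)?$/, "", v)                  # drop trailing comment
            state = (v == "1") ? "disabled" : "enabled"  # last setting wins
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# audit_p2p FILE...: report each file; return 1 if any file is not mitigated.
audit_p2p() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: cannot read"; rc=1; continue
        fi
        s=$(p2p_state "$f")
        echo "$f: P2P $s"
        [ "$s" = "disabled" ] || rc=1
    done
    return "$rc"
}

# demo: run the audit over two constructed sample files (not real configs).
demo() {
    d=$(mktemp -d) || return 2
    printf 'ctrl_interface=/run/wpa_supplicant\np2p_disabled=1\nnetwork={\n\tssid="lab"\n}\n' > "$d/wlan0.conf"
    printf '# p2p_disabled=1\nnetwork={\n\tssid="lab"\n\tp2p_disabled=1\n}\n' > "$d/wlan1.conf"
    audit_p2p "$d/wlan0.conf" "$d/wlan1.conf"; r=$?
    rm -rf "$d"
    return "$r"
}

# Usage (path is an assumption): sh audit_p2p.sh /etc/wpa_supplicant/*.conf
[ "$#" -eq 0 ] || audit_p2p "$@"
```

The second constructed file is reported as "unset" because its only active setting sits inside a network block and its global line is commented out.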
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wpa_supplicant | Not affected | | |
| Red Hat Enterprise Linux 9 | wpa_supplicant | Not affected | | |
| Red Hat Enterprise Linux 7 | wpa_supplicant | Fixed | RHSA-2021:0808 | 10.03.2021 |
| Red Hat Enterprise Linux 8 | wpa_supplicant | Fixed | RHSA-2021:0809 | 11.03.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | wpa_supplicant | Fixed | RHSA-2021:0818 | 15.03.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | wpa_supplicant | Fixed | RHSA-2021:0816 | 15.03.2021 |
Additional information
Status:
EPSS
CVSS3: 7.5 High