Description
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
The highest threat from this vulnerability is to availability, confidentiality and integrity.
Report
Red Hat believes this vulnerability to be of moderate impact because one of the requisites for exploitation is the ability to run unprivileged code on the victim's machine; furthermore, the complexity of this attack is high, as it requires the ability to analyze cache access patterns and combine this with a sufficient number of handshake instances and an offline dictionary attack.
It is important to note that this CVE was filed because the fix for the preceding CVE-2019-9495, which was intended to address several potential side-channel attacks present in wpa_supplicant, was found to be partial and did not address the cache-based attack described in this CVE.
In RHEL-8, the vulnerable configurations of wpa_supplicant and hostapd with SAE and EAP-pwd support (CONFIG_SAE=y and CONFIG_EAP_PWD=y, respectively) are not compiled.
In RHEL-9, no vulnerable versions of wpa_supplicant are built (versions prior to 2.10), meaning that it is not susceptible to this vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wpa_supplicant | Out of support scope | | |
| Red Hat Enterprise Linux 7 | wpa_supplicant | Not affected | | |
| Red Hat Enterprise Linux 8 | wpa_supplicant | Not affected | | |
| Red Hat Enterprise Linux 9 | wpa_supplicant | Not affected | | |
Additional information
Status:
EPSS
7 High
CVSS3